This is the accessible text file for the semiannual report issued by the Library of Congress Office of the Inspector General (OIG) in March 2017.
This edition of the Office of the Inspector General’s Semiannual Report to Congress highlights Library of Congress collection materials related to baseball. Among its collections, the Library has the most comprehensive collection of historic baseball images in existence. Also, the Library currently has an exhibition of baseball sheet music entitled Baseball’s Greatest Hits: The Music of Our National Game. The exhibition opened on February 9 in the Performing Arts Reading Room Gallery in the James Madison Building. The exhibit, on view until Saturday, July 22, 2017, is free and open to the public. The 45–item exhibition draws from the collections of the Music Division at the Library of Congress.
The division holds one of the largest collections of baseball sheet music in the nation. Most of the works are original copyright deposits, which came to the Library through its copyright registration program. The songs chronicle baseball’s greatest moments and celebrate the pleasures of a day at the park, great players, and hometown teams.
During the summer of 1960, Mickey Mantle and his Yankee teammate Roger Maris jointly assaulted Babe Ruth’s single–season home run mark of 60. Maris exceeded Ruth’s record when he hit number 61 in the last game of the year.
Making her first appearance at a congressional hearing in February before the Committee on House Administration, Librarian Dr. Carla Hayden discussed her priorities. They include improving strategic planning, formulating a Library–wide strategy for the use of technology in conjunction with the institution’s overall strategy, improving collections–stewardship capacity, and modernizing the Copyright Office. The Office of the Inspector General noted the overlap between these objectives and the “top management challenges” outlined in this semiannual report, such as the Library’s need for better strategic planning. We think this bodes well for the Library and for progress being made to address the challenges.
During this semiannual period, we issued several reports across a variety of topics. We reported on the effectiveness of controls for the Library’s financial management system as part of the audit of the Library’s fiscal year 2016 financial statements, the Library’s use of appropriated funds for mass deacidification activities, and the internal controls of the Library’s purchase card program. We also continued our focus on information technology–related issues and reported on the Library’s implementation of System Development Life Cycle processes, completion of the July 2016 power recovery exercise, and data storage needs.
The Library implemented eleven of our recommendations from prior semiannual periods. Two of the recommendations are not identified here because they were in reports that were not released publicly.
Kurt W. Hyde Inspector General
The Library is the research and information arm of the United States’ national legislature and the world’s largest storehouse of knowledge. The Library’s mission is to provide Congress, the federal government, and the American people with a rich, diverse, and enduring source of knowledge that can be relied upon to inform, inspire, and engage them, and support their intellectual and creative endeavors. This mission is accomplished through the work of approximately 3,100 permanent employees.
Founded in 1800, the Library is also the nation’s first federal cultural institution, holding more than 164 million physical items on approximately 838 miles of bookshelves. These items include books and other print materials, recordings, photographs, maps, sheet music, and manuscripts. In addition to its three Capitol Hill buildings and Taylor Street Annex in Washington, DC, the Library operates six overseas offices and stores collections material in purpose–built facilities in Maryland, Illinois, and at the Packard Campus of the National Audio–Visual Conservation Center in Culpeper, Virginia.
The Library has eight primary components:
The Office of the Librarian provides leadership and executive management to the Library, overseeing the implementation of the Library’s mission. It includes the Deputy Librarian for Institutional Advancement, the Office of the Chief Operating Officer, and the Office of the Chief Information Officer.
The Office of the Chief Operating Officer supports the Deputy Librarian by managing and administering the Library’s infrastructure functions and daily operations, including oversight of Human Resources Services, the Office of the Chief Financial Officer, Contracts and Grants Management, Integrated Support Services, and Security and Emergency Preparedness.
The Office of the Chief Information Officer ensures that the Library’s information technology (IT) resources meet current and future mission requirements and operate effectively to serve the Congress and American people, while also providing IT services, security, and expert guidance on IT matters within the Library.
Library Services performs the traditional functions of a national library: acquisitions, cataloging, preservation, and reference services for both digital and conventional collections. It operates the National Audio–Visual Conservation Center and the American Folklife Center, among other programs.
The U.S. Copyright Office administers the nation’s copyright laws for the advancement of the public good; offers services and support to authors and users of creative works; and provides expert impartial assistance to Congress, the courts, and executive branch agencies on questions of copyright law and policy.
The Congressional Research Service supports the legislative process by providing, exclusively to Congress, objective, confidential, and nonpartisan assessments of public policy issues and legislative options for addressing those issues.
The Law Library assists Congress and the legislative process by providing comprehensive research on foreign, comparative, international, and U.S. law, and other legal reference services.
National & International Outreach manages and develops programs that have a national scope, such as the National Library Service for the Blind and Physically Handicapped; those that operate as cost recovery services; and those that foster access to the Library’s collections for research, teaching, and visitor education.
In fiscal year (FY) 2016, the Library
The Library’s Office of the Inspector General (OIG) was established in 1988 as a non–statutory office deriving its authority from the Librarian of Congress. OIG became statutory with the passage of The Library of Congress Inspector General Act of 2005 (2 U.S.C. section 185), with a mandate to
The Inspector General is a member of the Council of the Inspectors General on Integrity and Efficiency, a unified council of all federal statutory Inspectors General. This semiannual report is part of OIG’s statutory reporting requirements and presents information on
The Audits Division conducts in–depth reviews that address the efficiency, effectiveness, and economy of the Library’s programs, activities, and functions; provides information to responsible parties to improve public accountability; facilitates oversight and decision–making; and initiates corrective action as needed.
The Audits Division also contracts with an independent accounting firm that examines whether financial statements fairly present financial positions, results of operations, and budgetary resources. The firm also assesses whether the Library and other entities have adequate financial reporting internal control systems that comply with applicable laws and regulations.
OIG reports are available at www.loc.gov/about/oig.
The Investigations Division addresses alleged or suspected wrongdoing by agency employees, contractors, or others responsible for handling federal resources. Violations of Library regulations or fraud committed against the Library can result in administrative sanctions and criminal or civil prosecution. Contact information for the OIG Hotline is located on the inside back cover of this report.
This section provides a summary of issues identified by OIG as posing significant challenges for the Library.
Many of the Library’s management challenges over the years have flowed from an historic lack of proper strategic planning and performance management. With Dr. Hayden’s arrival, the Library has the opportunity to develop a more robust strategic plan. The current Library–wide strategic plan for FYs 2016–2020 was created to be a “living” plan, intended to guide the Library during a time of leadership transition and be revised once a new Librarian arrived. Along these lines, Dr. Hayden has expanded the Library’s planning and performance improvement activities and, with the recent launch of a Library–wide envisioning initiative, has moved forward to develop a Library–wide strategic plan supported by aligned service unit plans. The key will be to have a full set of priorities for the Library by the end of the fiscal year. The Library has also stayed on track with the design and launch of an integrated enterprise–wide risk management framework, in keeping with Office of Management and Budget Circular A–123. It will be important for the Library to follow–through in FY 2018 to ensure that this work quickly informs the revision of existing strategic plans.
The Library also now has the opportunity to improve its capacity to plan more strategically, identify and react more expediently to risks, and maintain greater focus on achieving desired results. For example, OIG has demonstrated that the Library needs to improve its eff orts to collect, preserve, and provide access to digital information. In April 2015, OIG reported that we could not determine whether the Library’s efforts to collect electronic works (born–digital content) and make them accessible had met expectations because management had not set quantifiable expectations for such activities, including what and how it will collect and the cost and schedule of such collections. [Footnote 1] More recently, in March 2017, OIG reported that the Library lacked a strategy for meeting its IT data storage needs.[Footnote 2] OIG reported that the Library did not have adequate cost accounting information, storage planning, and storage policies and procedures guiding data collection, management, and retrieval. OIG’s report outlined a five–year, phased approach to addressing the Library’s storage needs.
The Library should also prioritize addressing the needs of customers as part of strengthening the Library’s strategic planning and performance management. The Library has no comprehensive data on customers’ needs, feedback, and experience and currently has no effort to collect such data on an on–going basis. The envisioning work should set customer experience as a key priority, and, when developed, the Library’s revised strategic plan should more deeply identify and address the Library’s current and desired customers. The Library must develop a better understanding of its customers by obtaining comprehensive and reliable customer satisfaction data, define its intended customer experience, and then address the customer experience in its strategic plan. Having done this, the Library must then create a framework to measure performance and identify adjustments needed to improve customer services and related service unit performance.
Finally, the Library’s planning and performance management efforts must include a defined and consistent process for overseeing results and accomplishments to its strategic plan, especially at the executive level. This involves ensuring that strategic plans—from the Library’s enterprise–wide strategic plan to all of its supporting subordinate strategic plans—seamlessly align to maximize coordination and ensure that the Library moves toward all of its annual and long–term goals in unison. Without such strategic alignment, the Library will have a higher level of risk for waste through redundant infrastructure, unbalanced human capital, and inadequate service delivery to segments of the Library’s customers. Executive leadership must institute an oversight process that incorporates planning, performance management, and reporting processes into significant decision–making; that continually monitors and holds service units accountable for performance variances; and that analyzes and corrects performance shortfalls on a real–time basis. Implementing such an oversight process will motivate service units to deliver strategic results. Without such a process, the Librarian’s strategic planning efforts will not facilitate the achievement of intended results.
Collections storage represents another area in need of a more strategic approach. The Library has historically acquired materials faster than they can be processed, made accessible, and safely stored. Since FY 2013, the Library has acquired, on average, approximately two million new items per year. With ever–constraining budgets, the Library’s investments in storage capacity become problematic unless there is some adjustment to the inflow of material.
As reported by OIG in September 2013, the Library is not able to appropriately store the inflow of materials it obtains. [Footnote 3] The Library has taken steps to address storage capacity–related issues, including:
OIG also reported in September 2013 that the Library is not able to timely process the inflow of materials it obtains, hindering accountability, security, and the accessibility of its collections. OIG’s August 2016 report provided greater detail on this problem. [Footnote 4] The Prints and Photographs Division has a growing amount of items in storage that are not fully processed and would need approximately 40–60 years to eliminate this backlog. These items are at a greater risk of theft, damage, and loss because unprocessed materials lack adequate bibliographic, inventory, and security controls. OIG has not taken a position on how much unprocessed material the Library can or should maintain, but we did recommend in our August 2016 report that the Library assess the risks posed by the Prints and Photographs Division’s backlog and respond accordingly with a mitigation plan. The Library agreed to do so.
The Library’s various activities to address collections storage issues, including those listed above, need to be incorporated into a system–wide, long–term strategy that marries the Library’s acquisition efforts to its ability to process, make accessible, and store collections material. OIG has not to–date made recommendations on how the Library should proceed with regard to this significant challenge because some solutions require congressional action, such as the Library’s request for the statutory authority to transfer, under certain conditions, unexpended appropriated dollars into a new fund to cover the costs of designing, constructing, and equipping collections storage space. The Library has also reportedly embarked on other initiatives to address collections storage issues. In 2016, the Library implemented a review of its 70 collection policy statements, starting with policies that are thought to be of higher interest. Further, the Copyright Office is taking steps to move towards a digital deposit strategy by drafting a proposed rule to allow newspapers to deposit PDF ePrints under group registration; the Library expects to publish the rule at approximately the end of FY 2017. However, these select activities need to be integrated into a comprehensive strategy that addresses the Library’s historical trend of acquiring materials faster than they can be timely processed, made accessible, and safely stored.
The Library has taken steps in the digital area but more needs to be done to ensure that the Library meets its business objectives and customer needs. A more strategic approach to digital services and collections is necessary because of the pace of digital innovation and the need for the Library to act on many fronts to execute a timely digital transformation, such as through the development of an eCollections strategy as described below. Such strategic planning and implementation is necessary for the Library to build on progress already made, meet business objectives and customer needs going forward, and play a leadership role in this critical area.
Further, for this transformation to succeed, the Office of the Chief Information Officer (OCIO) must change the paradigm of how it operates within the Library. It cannot serve simply as an IT service provider—receiving requirements and delivering IT support, although this operational role is, of course, critical and presents the management challenges described in the following section on information technology infrastructure. OCIO must become a strategic partner working with Library service units to collect and manage digital content; automate internal processes; and deliver services electronically to the public, researchers, the copyright community, and Congress.
To realize this e–government goal, the Library needs an organization–wide, interdependent strategy for digital–related activities and the Chief Information Officer (CIO) must play a central role in creating it. The goal of creating this digital strategy is missing from the current Library–wide strategic plan and the IT strategic plan, both of which are for FYs 2016–2020. [Footnote 5] Several units are creating digital strategies and requesting resources, but these strategies are not part of an organization–wide plan and do not address the technical capacity of OCIO to collect, store, and provide access to the material, which would require the CIO’s knowledge of technology planning and information technology investment. While collection development policy—deciding which content should be added to the Library collections for use now and in the future is the professional responsibility of the service units, it cannot be successful without the CIO. By way of analogy, the Library partners with AOC in planning, designing, constructing, maintaining, and upgrading storage facilities. The Library units responsible for collections must develop a similar partnership with the CIO that involves the CIO at all stages of the collection life cycle.
As outlined in Digital Government: Building a 21st Century Platform to Better Serve the American People,[Footnote 6] agencies should operationalize an information–centric model that delivers device–agnostic digital services. Traditionally, the government has architected systems for specific uses, such as websites that are built with webpages sized specifically for computer screens and, to serve mobile audiences, agencies would then build an entirely new mobile site. In contrast, an information–centric model would decouple information from its presentation. This fundamental shift would involve transitioning to managing pieces of data that can be tagged, secured, and presented in a way that consumers would find useful.
To make the most of limited resources, Digital Government also advocates for a “shared platform” approach that involves looking first to using a shared platform and existing infrastructure when developing new projects, rather than procuring new infrastructure and systems for each new project. This should accelerate the adoption of new technologies, lower costs, and reduce duplication. Throughout the process of creating and managing digital information and organizing how to present it, Digital Government underscores the need to focus efforts on meeting customers’ needs. This would require developing an understanding of customer needs and coordinating across the agency to ensure that digital information is broadly made available and accessible. The building effort must also be done in a safe and secure, yet transparent and accountable manner.
During the current semiannual period, the Library initiated action on a component of a Library–wide digital strategy, including the creation of a Digital Collecting Plan dated April 2017. Complementing the Digital Collecting Plan, the Librarian established an eCollections Steering Group to coordinate the development and execution of Library–wide policies, activities, and investments essential for the timely and cost effective implementation of approved digital collection strategies. The eCollections Steering Group co–chaired by the Chief, Digital Collections Management and Services (a Library Services position) and the Deputy CIO—consists of senior managers and staff with relevant expertise from OCIO, Library Services, Law Library, and Copyright. The Steering Group is expected to address the need for an agency–wide plan for eCollections emphasizing a partnership approach; it will oversee investments in and the development of the infrastructure needed to support the Library’s digital collection programs. It will also coordinate service units’ digital priorities with the Library’s processes and mechanisms for strategic planning, IT strategic planning, and IT governance.
We commend the Library for these initial steps but emphasize that the development of an eCollections strategy must be a component of a comprehensive digital strategic plan that thoroughly aligns with the Library’s direction, priorities, and strategic plan, including the IT strategic plan. Only through this approach, will the Library reduce its exposure to wasteful redundancies and ensure that it leverages its enterprise architecture and digital investments in a manner that supports its customers as a whole. To achieve the maximum return, the Library needs to take a dual purpose approach. It not only needs a digital infrastructure designed to deliver eCollections digital content, but one designed to also deliver other kinds of digital content to meet the needs of all Library customers wanting digital content. As outlined in Digital Government, the Library’s digital strategy must transition to managing pieces of data that can be tagged, secured, and presented in a way that consumers will find useful. If done right, this will add value to the Library’s services by helping to make digital information widely available through a variety of formats.
In the past, the Library has had stalled digital initiatives and incomplete deliverables. In contrast, the Library’s current leadership must take a more ambitious approach in order for the Library to regain its role as a recognized leader in the digital arena. The Library cannot succeed with a strategic approach that invokes undefined outcomes, inadequate performance measurements, and passive accountability for performance shortfalls. We urge Library senior management to establish a comprehensive digital strategy that has aggressive outcomes that seamlessly interface with other strategic plans (Library, IT, and service units). The Executive Committee members and others should require all divisions involved in the digital area, along with OCIO, to deliver valid and verifiable performance metrics and to complement these with a management apparatus that continually reviews performance activity, identifies performance variances, and consistently oversees corrective activities. A less intense approach poses risks to achieving goals and serves to undermine efforts to assess and remedy performance shortfalls.
Over the past decade and a half, multiple audits by OIG and the Government Accountability Office (GAO) [Footnote 7] revealed strategic and operational weaknesses that have negatively affected the delivery of Library services. The absence of a strategic IT vision resulted in substandard accountability for IT investments, poor IT governance, and an absence of IT best practices. These systemic weaknesses caused the Library’s programs to be inadequately supported in accomplishing their missions. In an effort to compensate, service units disengaged and attempted to develop their own solutions. In doing so, the Library experienced inefficiencies in its IT operations and investments along with an erosion of its IT organizational authority.
As a result of recent changes, the Librarian and her executive team have the opportunity to solidify the Library’s IT strategic direction and accelerate the pace of improvements initiated during FY 2016. For example, in November 2016, the Librarian elevated the authority of the CIO, who now reports directly to the Librarian, and consolidated various technology functions under the OCIO. Subsequently, a multi–phase OCIO reorganization was initiated to centralize core technology management activities and remedy past findings from OIG and GAO related to management issues. Phase I of the reorganization, as approved by the Librarian, took effect February 19, 2017. It created the new Project Management Office (PMO), which reports to the CIO and realigned technology operational groups and personnel into newly structured reporting lines. OIG supports the recently implemented organizational positioning of the CIO as the central entity with overall responsibility for IT strategic planning and operations. Federal agency best practices (statutorily mandated in executive branch agencies) call for the CIO to report to the agency head or their deputy. Going forward, it is essential that OCIO perform as a technology business partner to service units and provide them with exceptional service.
In sum, OCIO reported that during this semiannual period it
As to be expected, more challenges remain. In this semiannual period, OIG issued several IT–related reports that identified areas needing improvement.
As identified in one of the reports, an immediate IT management challenge relates to SDLC deficiencies. OCIO has five open recommendations from an OIG review of SDLC processes that, in part, address the investment cycle and budget tracking processes for systems development. [Footnote 11] Our recently issued FY 16 SDLC Review reiterates and emphasizes the necessity and urgency to address controls and processes in these areas.
Going forward, OCIO must continue to execute on its strategic plan to deliver robust business and data services that address the evolving needs of the Library’s service units. To meet its strategic goals and achieve its desired state–of–the–art technology infrastructure, security, and best practices, OCIO needs to
Accomplishing long–term improvements in the Library’s IT operations and culture will require a commitment to a Library–wide integrated IT strategic plan and the continued centralization of technology operations in OCIO.
As the Librarian’s senior executive team continues to focus on the long–term systemic weaknesses in its contracting function, it must reshape the function with a vision that provides agency customers with the same operating advantages found in well–performing organizations. To accomplish this, the Chief Operating Officer, who oversees the Office of Contracts and Grants Management (OCGM), should identify the key strategic and operating attributes of well–performing contracting operations and develop a strategy to implement them at the Library. As discussed throughout this top management challenges section, strategic planning and performance management issues are and have historically been a challenge for the Library.
OIG is currently conducting a follow–up review of a previous audit of OCGM. The FY 2012 audit identified a host of operational and strategic weaknesses that exposed the Library to unacceptable levels of risk in the award and administration of its contracts. [Footnote 12] Subsequently, in 2013, the Library hired a new Director of OCGM (a senior level position) and realigned the Director position and the OCGM function to report directly to the Chief Operating Officer. The realignment demonstrated senior management’s commitment to curing the long–term systemic weaknesses affecting its contracting business.
In previous comments on this top management challenge, the Director noted that improving the fidelity of procurement data is necessary to ensure that gains reportedly made over the past several years are maintained and to continue to deliver improved results over time. The reported gains include improvements in the delivery of contract services while improving contract quality and staff expertise, a year–over–year increase in the number of actions completed and dollars obligated, and the deployment of tools to improve performance and communications. The Director also cites the award of agency and Legislative–branch wide contracts; streamlined ordering procedures to include the use of purchase cards and direct ordering under Library contracts; improved controls through deployment of standard clauses and contract templates; and monitoring of key performance indicators for feedback, lead time, risk, and client service. The Director also cites the completion of the majority of contract actions early in the fourth quarter of FY 2016 as a success because it reduced the risks associated with a high volume of fiscal year–end contract activity.
In ongoing discussions with Library management, the Director has asserted significant progress in all of the deficient operational areas identified. However, based on our current review of key areas, such as building and maintaining knowledgeable staff and expending budgetary resources to develop leading edge procurement systems, the challenge remains for the Chief Operating Officer to define the Library’s strategic vision of its future procurement function. In the absence of a defined vision, the Library will not be able to adequately assess its progress towards that vision.
As we conclude field work for our follow–up audit and report on our findings, our task will be to confirm not only the operational progress claimed by the Library. Our audit results will also focus on ensuring Library management has developed a sustainable strategic framework for achieving a stable and highly performing entity–wide procurement function.
OIG contracted with the independent public accounting firm of Kearney & Company (Kearney) to perform an audit of the Library’s FY 2016 financial statements and to provide a report on the effectiveness of general and application controls for the Library’s Momentum Cloud and related Momentum support systems (Momentum). The contract required that Kearney perform the audit in accordance with Generally Accepted Government Auditing standards; the GAO’s Financial Audit Manual; GAO’s Federal Information Systems Controls Audit Manual; National Institute of Standards and Technology Special Publication 800–53, Recommended Security Controls for Federal Information Systems; Computer Security Act of 1987; and Library Information Technology Security Standards.
Kearney’s audit did not identify any material weaknesses or significant deficiencies for Momentum. [Footnote 13] During its audit, Kearney identified and conveyed to Library management certain control weaknesses it did not deem significant. Kearney described those weaknesses in the report, which was not issued for public release because of the sensitive nature of the information contained in the report.
OIG contracted with Kearney to conduct a performance audit in accordance with Generally Accepted Government Auditing Standards of the Library’s implementation of SDLC processes. For the Library to achieve a secure, efficient, and effective portfolio of business and program applications, its information system policies and procedures must establish a framework of sound SDLC practices. Senior management must also complement SDLC practices with an effective Project Management Life Cycle (PMLC) process that provides thorough development oversight, full investment transparency, and periodic variance analysis. The audit involved a review of three recent system development efforts within the Library.
When the three system development efforts were initiated, Library management was in the process of implementing information systems governance in a decentralized manner, making it optional for service units to comply with prescribed SDLC/PMLC practices and requirements. In addition, the Library at the time had not hired a qualified CIO. These issues were addressed in previous OIG reports. [Footnote 14].
Beginning in FY 2014, new Library leadership initiated changes, such as re–aligning the CIO’s role consistent with the principles of the Clinger–Cohen Act. [Footnote 15] OIG believes this top–down leadership approach should result in greater progress in the delivery of efficient and secure information systems and demonstrate to Congress that appropriating funds to the Library for new systems will deliver the intended investment results. In summary, Kearney determined that two of the three systems reviewed did not establish and utilize SDLC practices from the outset of development activities. As a result, key program and project controls were not instituted early on and intended investment results were not realized. Library management agreed with all of the findings and recommendations in the report, which was not issued for public release because of the sensitive nature of the information contained in the report.
OIG evaluated the Library’s preservation program related to mass deacidification activities. OIG determined that the Library is committed to using the funds Congress appropriates annually for performing mass deacidification activities. Furthermore, Library management believes that the amount appropriated for deacidification is more than adequate given the diverse preservation needs of the broader Library collection and the progress made over the last 20 years by the Library’s deacidification efforts. However, OIG identified certain issues for the Library to address.
Library management agreed with all of our findings and recommendations. We have not included the details here about our findings and recommendations due to the sensitive nature of the information contained in them. The report was not issued for public release.
OIG engaged HMS Technologies, Inc. (HMS) to review the Office of the Chief Information Officer’s (OCIO) July 2016 disaster recovery exercise and compare those results to the lessons learned from the Library’s August 2015 planned power outage. The Library experienced problems during the August 2015 planned power outage that delayed up to ten days the recovery of several business systems. HMS reviewed the plans and observed the July 2016 exercise to determine whether OCIO and service unit system–owners complied with the newly developed test plans. In general, HMS found that the July 2016 exercise was successful with OCIO implementing many of the lessons learned. However, HMS also determined that the Library’s primary (PCF) and alternate computing facilities (ACF) require more improvements that depend on congressional assistance through additional funding and related support. HMS’ evaluation determined that OCIO and service units must increase the frequency and intensity of their contingency testing to diminish the possibility that interruptions in service at the PCF do not evolve into pro–longed disruptions of IT service. Coincidently, the Library must develop effective and convincing funding proposals for submission to appropriators for replacing the current PCF and enhancing the ACF to assure the Library has the capability to sustain its IT operations during significant contingency events.
Library management agreed with all of the findings and recommendations, but we are not including them here because of the sensitive nature of the information contained in the report. The report was not issued for public release.
OCIO requested assistance identifying cost–effective solutions for meeting the Library’s current and future IT data storage needs. OIG designed the analysis to cover the Library’s short–term (one year), medium–term (three to five years), and long–term (greater than five years) storage needs and engaged HMS to conduct the review. The Library has the unique and enviable mission of collecting, preserving, and providing access to some of the nation’s most important digital information. This mission poses many challenges however, such as the massive amount of data storage capacity required by the Library to meet its current and future needs. This creates a significant challenge that has not been addressed by the Library’s strategic planning activities, as discussed in the top management challenges section of this semiannual report.
In evaluating the Library’s storage architecture, HMS found the Library has 46 storage platforms purchased from six different manufacturers, with some no longer supported by the provider. As part of its assessment, HMS determined that the Library did not have adequate: cost accounting information for its storage architecture; storage planning through its enterprise architecture function; and storage policies and procedures guiding data collection, management, and retrieval. HMS developed a forward–looking roadmap that outlines a phased approach to addressing the Library’s storage strategy from present day to five years and beyond. Under the strategy, at the five–year mark, the Library will support and manage storage growth, reduce the number of storage platforms, and reduce storage vendors. The Library will directly benefit from the recommended strategy with an increased return on the Library’s storage investments, enhanced cybersecurity protection of data, and increased data availability.
Library management agreed with all of the findings and recommendations in the report. OIG did not issue the report for public release due to the sensitive nature of information contained in it.
OIG initiated the audit to determine whether the Library’s internal controls over its purchase card program were appropriately designed and the controls were effectively working. In the course of conducting the audit, OIG determined that the Office of the Chief Financial Officer needed to strengthen the purchase card program’s internal control environment. OIG completed the interim report to alert Library management of our initial findings before completing the audit to enable the Library to take corrective actions immediately. OIG identified several issues. OIG determined that the purchase card program’s policies and procedures were out–of–date; required compliance reviews were not being implemented as designed; and program data needed to be better managed. OIG also determined that the performance expectations of purchase card program personnel needed to be updated. Library management agreed with all of the findings and recommendations in the report. It should be noted that before the issuance of the report Library management started to implement corrective actions.
In February 2017, the Inspector General notified the CIO via memorandum of OIG’s understanding of and perspective on the Library’s efforts to move the Primary Computing Facility. The Inspector General underscored that refined costs estimates were urgently needed for the Library’s outstanding budget requests and to allay congressional funding concerns.
In March 2017, the Inspector General notified the CIO and General Counsel via memorandum of the need to reduce confusion created by changes being proposed in 10 Library of Congress Regulations (LCR) about the Library’s Information Resource Management (IRM). The proposed LCRs reflect the Librarian’s decision to centrally locate and manage technology ac–tivities in the OCIO. The Inspector General stated that the Library should implement a straightforward, clear, and concise framework for IRM that is essentially reflected in one LCR and that it create directives as needed to provide more detailed procedural information.
During this reporting period, the Office of Investigations was staffed by two retired criminal investigator re–employed annuitants (one part–time) and a management analyst. At the end of the reporting period, we on–boarded a GS–13 full–time criminal investigator and have plans to hire one more criminal investigator and a supervisor.
During this reporting period, OIG issued four investigative reports and had no referrals. We opened five investigations, closed two, and forwarded two to Library management for administrative action. Four complaints were opened, two were closed, and one was converted to an investigation. With regard to our hotline program, we received forty hotline communications. Fifteen hotline communications were referred to management. One review was opened.
OIG received a referral from the Office of the General Counsel concerning a possible conflict of interest issue with an employee’s book contract. Management was concerned that the employee entered into a for–profit contract with a Library vendor without approval, used Library resources, and drafted a book that gave the impression that the publication was officially endorsed. An investigative report was issued and referred to Library management for action.
OIG conducted an investigation and determined that an employee used their work computer to visit Internet sites and download sexually explicit material. The employee was previously investigated for the same misconduct, which led to disciplinary action. While under investigation by OIG, the employee resigned, and the case was closed without action.
OIG received a referral from the Library travel office concerning the possible misuse of an employee’s official travel card. The investigation determined that there were numerous unauthorized cash withdrawals from the card totaling about $4,000. The employee also gave conflicting statements to OIG investigators and local law enforcement. An investigative report was issued and referred to Library management for possible disciplinary action.
OIG was notified that a Library employee saw a book for sale on eBay that had a Library “stamp.” The investigation determined that although one record exists that indicates that the book was received by the Library in 1932 and placed in General Collections, there were inadequate records to determine when or how the book left the Library and ended up for sale on eBay. The Office of the General Counsel opined that the Library did not have legal recourse to demand the return of the book, and Library management recommended the Library not pursue the return of the book. The case was closed with no action.
There were no such investigations during this reporting period.
There were no instances of whistleblower retaliation during this reporting period.
There were no such investigations during this reporting period.
We obtained comments from Library management on the status of all open recommendations. OIG summarized the comments provided for recommendation made in our publicly released reports and placed them in tables 3A and 3B. The assertions made in tables 3A and 3B are the representations of Library management and not of the OIG. OIG periodically performs follow–up audits to verify implementation.
Report summary: OIG evaluated the Office of Contracts as a follow–up to a review completed in 2008.
Recommendation: Develop directives that clearly set forth the policy and constraints for using Library of Congress Regulation 2111—The Office of the General Counsel (OGC) training webinar is now available on the Library’s Skillport website. OGC has circulated a draft directive to the relevant stakeholders and anticipates issuance of the directive in the second quarter of FY 2017.
Report summary: OIG evaluated the Library’s IT strategic plan as a follow–up to a review completed in 2009.
Recommendation: Account for all information technology (IT) costs, including computer security, as part of the IT budgetary process—A draft report, “Library of Congress Non–Personnel
IT Expenditures – FY 2016 Pilot,” was distributed to Information Technology Steering Committee (ITSC) members in November 2016. The final report is anticipated to be issued in March 2017 once the feed–back received to date from the ITSC members has been incorporated into the report. For FY 2017, the Office of the Chief Information Officer (OCIO) has reviewed and expanded into three IT Expenditure Categories. New categories include (1) Mission–Specific, Enterprise Shared, (2) Program/Project Management and (3) IT Management. The IT Security category has been expanded to include compliance and Business Continuity and Disaster Recovery. These changes will allow for greater accuracy and provide additional granularity for reported IT expenditures. A general category of “Other IT” will be phased out in FY 2018 and this spending will be specifically categorized moving forward. The estimated completion date is the second quarter of FY 2018.
Report summary: OIG evaluated the Library’s System Development Life Cycle (SDLC) methodology for acquiring, designing, implementing, and maintaining IT systems.
Recommendation: Issue a Library–wide policy that communicates the mandatory requirements of the SDLC process outlined in the existing Information Technology Services Project
Management Guide to ensure consistent management of the Library’s IT projects—The draft Library of Congress Regulation (LCR) describing the Project Management Office’s (PMO) role and responsibilities specifies that the PMO is responsible for enforcing Project Management Life Cycle (PMLC) and SDLC methodologies. Once the LCR has been promulgated, OCIO will issue Library–wide procedures that communicate the mandatory requirements of the PMLC and SDLC processes. OCIO believes that, with the promulgation of this LCR, this recommendation will be fully implemented. The estimated completion date is the third quarter of FY 2017.
Establish a budget methodology to track project development costs and measure variances against approved costs—A new FY 2017 project is being chartered to track project actual costs. OCIO is currently analyzing possible solutions for tracking staff hours working on IT projects. The estimated completion date is the second quarter of FY 2018.
Establish a central data repository with the Enterprise Architect and/or PMO to store all project artifacts, including cumulative cost and schedule data. In addition, periodically perform an internal and/or external inspection of the Library’s IT projects and update the Enterprise Architecture repository with the results of the inspection if necessary—The draft LCR regarding the PMO specifies that the PMO is responsible for establishing and maintaining a central data repository for project artifacts. In addition, a directive is currently being written that will describe the process for conducting periodic inspection of the Library’s IT projects. OCIO anticipates that the directive will be issued when the PMO LCR has been promulgated, at which time this recommendation will be fully implemented. The estimated completion date is the third quarter of FY 2018.
Centralize the assessment of the Library’s IT portfolio with the PMO and prohibit the existing practice of service unit IT investment self–assessments—The draft LCR states that the PMO will conduct quarterly assessments of all major IT projects included in the Library’s IT Project Portfolio. OCIO believes that, with the promulgation of this LCR, this recommendation will be fully implemented. The estimated completion date is the third quarter of FY 2018.
Revise LCR 1600 to clearly delineate ownership and stewardship of IT assets—The draft LCR regarding the Chief Information Officer (CIO) has been distributed to Library–wide leadership for review. This LCR describes the CIO as the owner and steward of the Library’s commodity IT. It also adopts aspects of the Federal Information Technology Acquisition Reform Act (FITARA). OCIO believes that, with the promulgation of this LCR, this recommendation will be fully implemented. The estimated completion is the third quarter of FY 2017.
Report summary: OIG reviewed the Library’s internal controls for tracking IT investments.
Recommendation: Library policy documents (LCR 1600 and the Information Technology Steering Committee Charter) need to be updated with clear direction on members, roles, and responsibilities—The draft LCRs regarding Information Resource Management (IRM), ITSC, Information Technology In–formation Management (ITIM), and the Architecture Review Board (ARB) were distributed to Library–wide leadership for review. These four LCRs provide clear direction on members’ roles and responsibilities regarding the ITIM process. OCIO believes that, with the promulgation of these LCRs, this recommendation will be fully implemented. The estimated completion date is the third quarter of FY 2017.
Assign financial responsibility to the Chief Financial Officer (CFO) to strengthen accountability for enforcement of internal controls and linkage to the Library IT budget.
Articulate the level and responsibilities of voting members from each service unit in the ITSC Charter. The Director of Strategic Planning should also be consulted to ensure that all IT capital investments have goals and appropriate metrics have been defined—The draft ITSC LCR describes the CFO’s role, the responsibilities of ITSC voting members, and the participation of the Director of Strategic Planning and Performance Management (SPPM) with regard to the ITIM process. The OCIO believes that, with the promulgation of this LCR, this recommendation will be fully implemented. The estimated completion date is the third quarter of FY 2017.
The ITSC should report directly to the Chief of Staff or higher position. Clarify the roles and responsibilities of the Deputy Librarian/Chief of Staff in the ITSC policy/charter to strengthen ITSC oversight of IT investments—The draft ITSC and ITIM LCRs describe the role and responsibilities of the ITSC. The OCIO believes that, with the promulgation of these LCRs, this recommendation will be fully implemented. The estimated completion date is the third quarter of FY 2017.
Document the role and responsibilities of the CIO in the ITSC Charter. Restrict or eliminate the delegation of CIO responsibilities with respect to ITSC activities—The draft ITSC and ITIM LCRs describe the role and responsibilities of the CIO regarding ITSC activities. OCIO believes that, with the promulgation of these LCRs, this recommendation will be fully implemented. The estimated completion is the third quarter of FY 2017.
Research cost effectiveness of using the General Services Administration managed eCPIC tools as a method for institutionalizing capital planning activities—Analysis of alternatives for a tool to support the IT investment management process has been completed. OCIO is in the process of considering next steps, which include a potential procurement. The estimated completion is the third quarter of FY 2017.
Document roles for the CFO, Budget Officer, and Director of Grants and Contracts Management in the development of the ITSC Charter and LCR 1600 (guidance documentation) in the Library's technology investment process—The draft ITSC LCR describes the CFO and the Director of Contracts and Grants Management’s roles and participation with regard to the ITIM process. OCIO believes that, with the promulgation of this LCR, this recommendation will be fully implemented. The estimated completion date has been amended to the third quarter of FY 2017.
Improve internal budget/project communications and training on how to develop, capture, and report project costs uniformly across the service units—In early FY 2017, a contractor assisted the PMO in creating revised PMLC and SDLC guidance, which included how to develop, capture, and report estimated project costs uniformly across the service units for Library–wide us–age. The new guidance is being presented to the Library Project Managers by Q2 FY 2017.
Appoint a permanent CIO responsible for IT investments, along with ensuring that Office of Management and Budget (OMB) Exhibit 300–type information is included in budget requests for IT investments—The draft ITSC LCR states that the CIO is the Chair of the ITSC and describes the responsibilities of the ITSC members regarding the ITIM process. The LCR regarding the ITIM framework used OMB Exhibit 300 as a source. The OCIO believes that, with the promulgation of these LCRs, this recommendation will be fully implemented. The estimated completion date is the third quarter of FY 2017.
Adopt aspects of H.R. 1232 "Federal Information Technology Acquisition Reform Act" (FITARA)––a bill passed by the House of Representatives––that would have increased the power of existing Chief Information Officers within federal agencies so that they could be more effective. Each agency would also be reduced to having only one CIO in the agency, who is then responsible for the success and failure of all IT projects in that agency—The draft OCIO LCR was written using aspects of FITARA in order for the CIO to be more effective. In addition, the Librarian of Congress issued a directive in fall of 2016 to centralize all IT activities within the OCIO. This included the directive for all agency senior IT staff to report to the CIO or Deputy CIO. OCIO believes that, with the promulgation of the LCR the recommendation will be fully implemented. The estimated completion date is the third quarter of FY 2017.
The CFO (or higher) should ensure that the ITIM process is followed by all service units—The draft ITIM LCR describes the ITIM process, including service unit responsibilities and requirements. With the promulgation of the LCR, all service units will be required to follow the ITIM process; however, service units have been following the ITIM process since FY 2016. OCIO believes that, with the promulgation of this LCR, this recommendation will be fully implemented. The estimated completion date is the third quarter of FY 2017.
Provide training and awareness of the ITSC oversight process for mid– and senior–level managers across the Library (all services units)—The draft ITIM LCR describes the oversight role of the ITSC. In the interim, the ITIMPO conducts training on a scheduled and ad–hoc basis for mid– and senior–level resource and project managers. OCIO believes that pending the promulgation of the ITIM LCR, training can be formalized and presented to the IT Collaborative Forum and Library Supervisor’s Forum. OCIO anticipates that the training can be completed by the fourth quarter of FY 2017 conditional upon the ITIM LCR being promulgated.
Align current cost development processes for IT investments to coincide with requirements for OMB reporting, such as the use of an earned value management system to track costs on high–risk projects, as discussed in Capital Programming Guide, V.3.0, Supplement To OMB Circular A–11: Planning, Budgeting, and Acquisition of Capital Assets—The draft PMO LCR entrusts OCIO with responsibility for providing PMLC and SDLC directives which include but are not limited to templates and guidance for milestones/scheduling, cost estimation, risk management, and requirements management for use during all applicable IT project phases as described in the mandatory requirements of the PMLC and SDLC. The guidelines and templates will be developed using Federal best practices. In addition, OCIO is evaluating capital planning and investment control tools for IT investment and project management. The estimated completion date is the fourth quarter of FY 2017.
Implementation of these practices may require procedural changes used by the service units for reporting expenditures and systemic modifications to Momentum and the budget system (Clarity) that are used for tracking costs—For FY 2017, OCIO reviewed and expanded into three IT Expenditure Categories. The new categories include (1) Mission–Specific, Enterprise Shared, (2) Program/Project Management and (3) IT Management. The IT Security category has been expanded to include compliance and BCDR. These changes will allow for greater accuracy and provide additional granularity for reported IT expenditures. A general category of “Other IT” will be phased out in FY 2018 and this spending will be specifically categorized moving forward. OCIO also solicited for members to participate in a Technology Business Management (TBM) Working Group, coordinated with a joint OCIO/OCFO Working Group to help develop requirements for improving planning and reporting systems at the Library. OCIO received TBM Working Group member nominations from the ITSC members; the TBM Working Group charter was drafted and the approved version was distributed to the ITSC and the OCIO. OCIO held a second TBM Working Group meeting in February. At the meeting, OCIO presented an updated FY 2018 Investment Portfolio Framework based on TBM IT Towers and Sub–Towers Definitions. The presentation included a document that illustrated OCIO adoption of TBM IT Towers and Sub–Tower Definitions. The estimated completion date is the fourth quarter of FY 2018.
Use primary source documentation throughout the ITSC process. Part of the ITSC package should include financial system information, budgetary information, acquisition system information, as well as performance monitoring information—The IT investment reporting process began using third quarter FY 2016 data. The process incorporates the use of primary source documents, such as IT expenditure reports from the Library’s Financial Reporting Sys–tem (FRS) to track execution of non–personnel costs. The ITIMPO has solicited feedback from investment managers to identify process and data improvements for upcoming quarters. The estimated completion date is the second quarter of FY 2018.
Include the OCFO review of costs (in summary form) before approval of a new project, and at major checkpoints (milestones) throughout the project life cycle—The draft ITSC LCR describes the CFO’s role on the Committee, specifically to strengthen the linkage between IT management and strategic financial planning and financial controls, and financial management. OCIO believes that, with the promulgation of this LCR, this recommendation will be fully implemented. The estimated completion date is the third quarter of FY 2017.
Institute better tracking of IT investments through changes in the Momentum and Clarity financial systems—See the status update provided for recommendation I.2.C of 2011–IT–103. The estimated completion date is the fourth quarter of FY 2018.
Document the role of the Strategic Planning Officer (SPO) in the ITSC process to ensure a synchronized planning cycle. Develop a process for proper timing of strategic planning for investments (early) and a direct tie–in between strategic plans and the ITSC process—The draft ITSC LCR describes the roles and responsibilities of the Director of SPPM in the ITSC process to ensure a synchronized planning cycle. OCIO believes that, with the promulgation of this LCR, this recommendation will be fully implemented. The estimated completion date is the third quarter of FY 2017.
Document a needed linkage between ITSC and the SPO; including roles and responsibilities throughout the ITSC life cycle—The draft ITSC LCR describes the Strategic Planning Officer’s role and responsibilities on the Committee. OCIO believes that, with the promulgation of this LCR, this recommendation will be fully implemented. The estimated completion date is the third quarter of FY 2017.
Implement a portfolio process, similar to OMB Exhibit 53—OCIO has constructed a proposed IT investment portfolio framework that will be implemented as part of the FY 2018 IT investment planning cycle, which will begin in March 2017. OCIO anticipates improvements will be made to the framework based on comments from process stakeholders. The estimated completion is the third quarter of FY 2017 as the implementation timing was impacted by IT centralization activities taking precedence.
The Chief of Staff should implement a continuous improvement program within the Executive Committee and ITSC to identify opportunities for process improvement in the areas of cost accounting, performance management, and all areas of the ITSC—The expected completion date for this recommendation has been extended to the third quarter of FY 2018 to enable the ITSC to obtain feedback and identify opportunities for process improvement in the areas of cost accounting, performance management, and other work–flows. Until appropriate policies and procedures have been promulgated, then tested through practice, a baseline for measuring improvement will not have been established.
The Chief of Staff should take steps to update the Library’s existing information resource management, ITIM, and EA policies and practices. These existing standards need to be updated with lessons learned or improvements that are aligned with the Library's evolving strategic plan and leading or best practices—OCIO recognizes the value in aligning the Library’s IT activities with established best practices. The draft IRM LCR acknowledges that, while the Library does not have to comply with the Clinger–Cohen Act or OMB Circulars, there are benefits in centralized control and agency–wide coordination of IT resources and activities; therefore, the Library adopts government or industry practices and policies that assist in accomplishing the Library’s goals. The draft IRM, ITIM, and EA LCRs link the Library’s practices and policies to the Library’s Strategic Plan. OCIO believes that, with the promulgation of these LCRs, the recommendation will be fully implemented. The estimated completion date is the third quarter of FY 2017.
The CIO should champion a best practice governance methodology to build awareness and understanding of best practices in the areas of IT management and program governance—OCIO recognizes the value in aligning the Library’s IT activities with established best practices. The draft LCR on IRM acknowledges that, while the Library does not have to comply with the Clinger–Cohen Act or OMB Circulars, it recognizes the benefits of centralized control and agency–wide coordination of IT resources and activities, and adopts government or industry practices and policies that assist in accomplishing the Library’s goals. The draft LCRs for IRM and the draft LCR for the OCIO, which established the CIO’s roles as a champion of best practice governance methodology, have been distributed to Library–wide leadership for review. These LCRs acknowledge the linkage to the Library’s Strategic Plan. The estimated completion is the third quarter of FY 2017.
Define benchmarks for ITSC management processes against appropriate public and private sector standards, organizations, and/or processes in terms of costs, speed, productivity, and quality of outputs and outcomes to measure steering committee effectiveness—Once the LCRs have been promulgated, OCIO will determine appropriate performance benchmarks to measure ITSC effectiveness. The estimated completion date is the fourth quarter of FY 2017.
Report summary: OIG evaluated the Library’s eff orts to ingest and make available for use electronic works (born–digital content). The Librarian should require the Architecture Review Board to: ensure that the eCollections Strategy and related activities are sufficiently addressed in the EA’s current or “as–is” environment, the target or “to–be” environment, and the roadmap leading from the “as–is” to the “to–be” environment; sufficiently address and reduce the risk of implementing duplicative, poorly integrated, and unnecessarily costly eCollection activities; and sufficiently address the need for “robust security” to prevent “loss, alteration, and unauthorized access” of eCollections items—The work has commenced on collecting the information needed to document the “as–is” environment, the target or “to–be” environment, and the roadmap leading from the “as–is” to the “to–be.” The estimated completion date is the third quarter of FY 2017.
The Librarian should take the following steps to implement better governance and accountability in order to ensure timely implementation of the Librarian’s vision to acquire digital works: create a mechanism for the Librarian and his immediate leadership team to receive executive–level reports on a regular basis on eCollection activities, mandate their review, and take timely action as necessary to ensure that such activities stay in–line with the Librarian’s vision and with senior leadership’s cost, schedule, and performance expectations; provide greater clarity on the role of the Executive Committee (EC) in monitoring and overseeing cross–cutting IT programs; and ensure the EC’s consistent involvement, support, and oversight of the eDeposit Program and the eSerials Project—A draft charter has been created for the proposed eCollections Steering Group which will be responsible for developing and implementing the eCollections Strategy. The draft charter is being reviewed by OCIO and Library Services senior management with the goal of obtaining approval from the Librarian of Congress and the EC. The estimated completion date is the fourth quarter of 2017.
ITSC does not have the necessary data to align information technology goals, objectives, and priorities with the strategic needs and plans of the Library. The Librarian should do the following to correct this: direct the CFO to provide information on the full universe of IT investments budgeted in each fiscal year for eCollection activities to the ITSC on an ongoing basis, as well as provide actual year–to–year costs for budget versus actual comparisons; require ITSC to formulate approval and monitoring criteria that align with the Library’s organizational priorities as stated in an eCollections Strategy and associated enterprise architecture, as well as with common requirements spanning the Library’s service units for ingesting and protecting electronic works; and require the chair of the ITSC to report regularly to the Librarian, her designee, and/or the EC about ITSC decisions and over–sight issues related to the schedule, cost, and performance of eCollection activities—Library Services is working with OCIO on strategic architecture documents related to eCollections activities that include strategic needs and plans. IT investments relating to eCollections activities will reference the strategic architecture documents for current architecture, future architecture and proposed transition activities. IT investment planning by other Service Units performing eCollections activities will be coordinated with Library Services IT investment planning in future IT investment cycles to specifically address efficient and effective resource use to support common business strategies, goals and requirements for eCollections. The estimated completion date is the fourth quarter of 2017.
To improve the organizational and financial management of its eCollection activities, the Librarian needs to require that service units: adopt and implement Library–wide best practices for standardizing program and project management to increase the likelihood of delivering effective digital trans–formations on time and on budget; and collect, track, and use quantitative data demonstrating variances in project delivery and investment targets to inform management oversight and reporting, including budget, planning, and investment decision–making going forward. This information should be used as part of the Library’s performance management process—In early FY 2017, a contractor performed a disciplined uniform quality review on all major SDLC projects. This review served as a baseline measure of all overall compliance to PMLC and SDLC. A contractor also assisted the PMO in creating revised PMLC and SDLC guidance which includes best practices for project scheduling, risk management, requirements management, and project cost estimation. The draft PMO LCR specifies that the PMO is responsible for enforcing the Library’s PMLC and SDLC methodologies. Once the LCR has been promulgated, the OCIO will issue Library–wide procedures that communicate the mandatory requirements of the PMLC and SDLC processes. The estimated completion date is the third quarter of FY 2017.
For all technology investments, the Librarian should: (1) require service units and sponsors of significant IT investments (regardless of funding source) to complete a business case document that demonstrates how each IT project would meet organizational needs; outlines benefits, estimated costs, and risks, including the results of a cost–benefit analysis; and establishes a preliminary schedule for implementation; (2) require the business case document to be submitted to the ITSC for review during an early phase of product development and require the business case to be periodically reviewed and verified by ITSC with respect to the business need(s) being supported; (3) direct the CFO to develop the capability to fully project, capture, and track the actual costs of IT–related activities, including payroll costs; and (4) require the SPO or another unit to develop the capability for the Librarian and her immediate leadership team to monitor significant IT investments across the Library’s various planning, budgeting, program/project management, and financial accounting systems to reveal inefficiencies and ineffectiveness in order to address problems in a timely manner—The draft ITIM LCR requires service units to submit business case documents (IT investment proposals) that support and justify all technology investments. The IT investment proposal should demonstrate how each IT investment meets organizational needs, outlines benefits, estimates costs, and describes risks associated with the investment. The costs of the IT–related activities should be fully captured in the IT investment proposal, and the execution of those costs is tracked in a quarterly report on the health of the IT investment.
The ITSC is required to review all of the IT investment proposals and pro–pose an annual IT investment portfolio for EC and Librarian review and approval. It is in the ITSC review process that significant IT investments are identified, and it is in the quarterly health report process that inefficiencies and ineffectiveness should be revealed to allow for problems to be addressed in a timely manner. The estimated completion date is the third quarter of FY 2017.
To become more cost efficient and to ensure that eCollection activities are meeting the Library’s strategic business objectives, the Library needs an overarching, transformative eCollections Strategy for collecting electronic works that does the following: groups programs, projects, and other IT work together to facilitate effective portfolio management of activities related to collecting electronic works, including born–digital works; identifies the Library’s organizational priorities related to these programs and projects and other IT work, makes investment decisions, and allocates resources accordingly; and focuses on meeting common requirements that span across the Library’s service units—The Digital Collecting Plan was approved by the Librarian in January 2017. OIG has asked Library Services for more information on how the Plan addresses the recommendation. The estimated completion date is the third quarter of FY 2017.
Report summary: OIG audited the Prints and Photographs (P&P) Division’s administrative and accounting controls over its collection. The Library and the P&P Division should conduct an assessment of the risks posed by the P&P Division’s growing arrearage and respond accordingly with a mitigation plan—The assessment team was established, the team’s charge issued, and the assessment started. Library Services and the P&P Division will conduct an assessment and respond with a mitigation plan by December 2017. This plan should be informed by the policies and procedures established through the responses to recommendation 6 of 2014–PA–106, and will be completed after that report. The estimated completion date is the first quarter of FY 2018.
The Library should examine its strategic plan (e.g., the plan’s objectives and performance measures), policies, procedures, and other parts of its internal control system to determine whether Library–wide controls adequately respond to the risks posed by arrearage, including establishing a sustainable level of arrearage—Library Services established an Annual Performance Goal for arrear–age reduction with milestones to ensure timely completion and to begin to align arrearage risk assessment with strategic planning and other parts of the internal control system. The first quarter goal for the Arrearage Reduction Annual Performance Goal was met by issuing the charge to the assessment team. The text of the milestone was, “Arrearage Assessment Team formed and scope of work defined.” The next milestone, due March 31, 2017, was to “gather data on existing physical, preservation, and inventory control measures.” The estimated completion date is the fourth quarter of FY 2017.
The Library should provide the P&P Division’s arrearage data along with the Library’s other arrearage data in its Annual Reports to Congress—Library Services will add this arrearage to the FY 2017 annual report. The estimated completion date is first quarter of FY 2018.
Report summary: OIG assessed the Development Office’s IT system known as Raiser’s Edge, an electronic tool for managing fundraising activities.
Recommendation: System managers for Raiser’s Edge should regularly review the system’s transaction logs for suspect data events—Raiser’s Edge was upgraded and new tools were implemented in December 2016 and January 2017. Guidance for reviewing transaction logs was provided by the Library’s IT Security Group to the designated Information System Security Officer for Raiser’s Edge.
Establish a centralized Library–wide PMO to communicate and enforce the Library’s PMLC/SDLC methodology and to ensure the Library’s major IT projects are effectively managed in a consistent manner across all service units. The central PMO should continuously monitor all SDLC projects and update all SDLC plans and instructions for Library–wide distribution—On February 19, 2017, the Library formally established the IT PMO whose responsibility is to communicate, monitor, and enforce compliance with, the Library’s PMLC/SDLC methodology.
Perform disciplined uniform performance and quality reviews (preferably by the PMO) on all major SDLC projects in the Library—In early FY 2017, a contractor performed disciplined uniform performance and quality reviews on all major SDLC projects. In addition, the contractor assisted the PMO in creating revised PMLC and SDLC guidance to support ongoing performance and quality reviews.
Implement a Capital Planning and Investment Control process, to include Office of Management and Budget Exhibit 300 data and information to enable IT investment alignment with the Library mission and to support business needs while minimizing risks and maximizing returns throughout the investment's life cycle—OCIO is actively engaged in the second fiscal year of its comprehensive, Library–wide IT investment process, which includes a clear linkage to the Library’s strategic plan. While the process will continue to mature, OCIO believes that this recommendation has been fully implemented.
Establish a formal process to reconcile cost variance reported by service units to the ITIM Portfolio Officer—OCIO has fully implemented a formal process for reconciling cost variance as reported by service units to the ITIMPO.
The P&P Division should develop and implement in final form a division–wide policy and associated procedures to ensure consistent call slip–related activities and to facilitate management’s efforts to hold division personnel accountable for meeting these requirements—The P&P Division implemented, division–wide, a new call slip policy on October 1, 2016.
The P&P Division should start conducting regularly scheduled inventories that involve comparing the division’s call slip records to the physical assets that were removed, with special attention to confirming the removed materials’ locations. These oversight activities should be outlined in the new division–wide call slip policy and associated procedures—The P&P Division updated its call slip policy document to include a provision for regular inventory of older call slips. The Division continues to inventory older call slips on a regular basis.
The P&P Division should serially control its call slips and the Library should consider options for developing a central electronic database of materials removed via call slips to improve tracking capability—The P&P Division began using the serially numbered call slips in October 2016. OIG is seeking additional information about the P&P Division’s review of options for a central electronic database. The estimated completion date is the third quarter of FY 2017.
The Library should ensure that the P&P Division’s information–related requirements have been identified and taken into consideration when evaluating possible replacements to the current Integrated Library System—The New and Expanded Program Request for the next generation ILS has been postponed.
During the reporting period, there were no instances in which the Library refused to provide information or assistance or interfered with OIG’s independence.
During the reporting period, there were no reports or recommendations more than six months old without management decisions. There were also no reports or recommendations for which no management comment was made within 60 days.
There were no significant revised management decisions during the reporting period.
There were no significant management decisions with which we disagreed during the reporting period.
There were no instances during the reporting period in which we completed an inspection, evaluation, or audit without disclosing it to the public. All such products are listed on our website at www.loc.gov/about/oig.
On March 31, 2016, OIG’s audit division was the subject of a Council of the Inspectors General on Integrity and Efficiency (CIGIE) peer review by the Peace Corps OIG. The audit division obtains a CIGIE external peer review at least once every three years. Peace Corps OIG concluded that the audit division’s system of quality control has been suitably designed and complied with to provide reasonable assurance of conforming with applicable professional standards in all material respects. Accordingly, the Peace Corps OIG provided a “pass” rating and no recommendations were made. The audit division does not have any outstanding recommendations from a peer review.
OIG did not conduct a peer review of another audit organization during this reporting period. OIG com–pleted its last peer review of the Corporation for National Community Service OIG in April 2016. OIG did not make any recommendations in the peer review and does not have any outstanding recommendations from past peer reviews conducted of other audit organizations.
HELP PROMOTE INTEGRITY, ECONOMY, AND EFFICIENCY
REPORT SUSPECTED FRAUD, WASTE, ABUSE, OR MISMANAGEMENT
COMPLAINTS MAY BE MADE ANONYMOUSLY
LIBRARY OF CONGRESS
101 INDEPENDENCE AVENUE S.E.
WASHINGTON, DC 20540 –1060
MAIN TELEPHONE NUMBER: (202) 707–6314
FAX NUMBER: (202) 707–6032
HOTLINE TELEPHONE NUMBER: (202) 707–6306
HOTLINE ONLINE FORM: http://www.loc.gov/about/office–of–the–inspector–general/contact–us/
P.O. BOX: 15051 SE Station
Washington, DC 20003–9997
Any information you provide will be held in confidence. However, providing your name and a means of communicating with you may enhance our ability to investigate.
Office of the Inspector General 101 Independence Avenue SE Washington, DC 20540–1060 Tel 202.707.6314 Hotline202.707.6306 www.loc.gov/about/oig/