
Semi Annual Report September 2017 - Annual Reports

This is the accessible text file for the semiannual report issued by the Library of Congress Office of the Inspector General (OIG) in September 2017.

This edition of the Office of the Inspector General’s Semiannual Report to Congress highlights the origin of the card catalog at the Library of Congress and a number of its literary treasures. The recent publication The Card Catalog: Books, Cards, and Literary Treasures, compiled by the Library of Congress with foreword by Librarian Dr. Carla Hayden, provides a brief history of card catalogs, describes the Library of Congress’ role in its history, and showcases images from the Library’s collection. The Library holds some of history’s most beloved first-edition rare books, prints, and photographs. Images of collection cards show beautifully handwritten script while others are typed with notes and scribbles in the margins. The card catalogs were phased out in the 1980s as computers gained popularity. However, for some bibliophiles, the nostalgia of the card catalog will never fade. In 1985, historian Barbara Tuchman wrote, “For me the card catalogue has been a companion all my working life. To leave it is like leaving the house one was brought up in.”

September 30, 2017

MESSAGE FROM THE INSPECTOR GENERAL

In a congressional hearing in June before the Committee on House Administration, Librarian Dr. Carla Hayden outlined steps taken to strengthen the Library’s information technology (IT) management. I also noted in my own testimony at the hearing that significant changes had occurred, such as the hiring of the Library’s first professional Chief Information Officer in Mr. Bernard A. Barton, Jr. These developments are of critical importance because the Library, whose very essence involves collecting and conveying information, cannot succeed in the information age without a highly functioning, efficient, and leading edge digital infrastructure.

Going forward, as stated in my testimony, the Library must create a strong organization-wide strategic plan that establishes goals with specific and aggressive outcomes. The Library’s current strategic plan for fiscal years 2016-2020 was created to be a “living” plan, intended to be revised once a new Librarian arrived. Until the new plan has been established, strategic planning for IT and digital collections will lack the necessary synchronization; the Librarian has stated that the new organization-wide strategic plan will be completed in 2019. In the absence of a revised strategic plan, Library units have created separate IT and digital collection strategies, which puts the Library at risk for duplication of efforts. To better assess the situation, the Office of the Inspector General (OIG) has initiated an engagement to evaluate the Library’s progress in developing the new plan. The topic of digital strategic planning is addressed in greater depth in this report’s Top Management Challenges section.

During this semiannual period, we issued several reports. As part of the OIG’s ongoing emphasis on the Library’s IT governance, operations, and best practices, we conducted an IT security vulnerability scan and evaluation. OIG also examined the Library’s internal controls for gift funds to determine whether they were appropriately designed and implemented and working effectively. Additionally, OIG supervised the annual audit of the Open World Leadership Center’s financial statements for fiscal year 2016.

The Library implemented 58 of our recommendations from prior semiannual periods. Thirty-one of the recommendations are not identified here because they were in reports that were not released publicly.

Kurt W. Hyde Inspector General

Table of Contents

  • Profiles
  • Top Management Challenges
  • Digital Strategic Planning and Execution
  • Contracting
  • Audits, Surveys, and Reviews
  • Open World Leadership Center
  • The Library’s Controls for Three Gift Funds are Generally Working but Need to Be Enhanced
  • IT Scanning and Security Configuration Management Results on Selected Systems
  • Other OIG Audit Activities
  • Inspector General Testified at Hearing on IT Management
  • Review of Legislation and Regulations
  • Investigations
  • Unimplemented Recommendations
  • Implemented and Closed Recommendations
  • Funds Questioned or Put to Better Use
  • Instances of the Library Refusing to Provide Information or Assistance or Interfering with OIG’s independence
  • Status of Reports or Recommendations
  • Significant Revised Management Decisions
  • Significant Management Decisions with Which OIG Disagrees
  • Instances in Which an Inspection, Evaluation, or Audit Was Completed and Not Disclosed to the Public
  • Peer Review Reporting
  • OIG Organizational Chart
  • Hotline Information

Profiles

Library of Congress

The Library is the research and information arm of the United States’ national legislature and the world’s largest storehouse of knowledge. The Library’s mission is to provide Congress, the federal government, and the American people with a rich, diverse, and enduring source of knowledge that can be relied upon to inform, inspire, and engage them, and support their intellectual and creative endeavors. This mission is accomplished through the work of approximately 3,100 permanent employees.

Founded in 1800, the Library is also the nation’s first federal cultural institution, holding more than 164 million physical items on approximately 838 miles of bookshelves. These items include books and other print materials, recordings, photographs, maps, sheet music, and manuscripts. In addition to its three Capitol Hill buildings and Taylor Street Annex in Washington, DC, the Library operates six overseas offices and stores collections material in purpose-built facilities in Maryland, Illinois, and at the Packard Campus of the National Audio-Visual Conservation Center in Culpeper, Virginia.

The Library has eight primary components:

  • The Office of the Librarian
  • The Office of the Chief Operating Officer
  • The Office of the Chief Information Officer
  • Library Services
  • The U.S. Copyright Office
  • The Congressional Research Service
  • The Law Library
  • National & International Outreach

The Office of the Librarian provides leadership and executive management to the Library, overseeing the implementation of the Library’s mission. It includes the Deputy Librarian, the Office of the Chief of Staff, the Office of the Chief Operating Officer, and the Office of the Chief Information Officer.

The Office of the Chief Operating Officer manages and administers the Library’s infrastructure functions and daily operations, including oversight of Human Resources Services, the Office of the Chief Financial Officer, Contracts and Grants Management, Integrated Support Services, and Security and Emergency Preparedness.

The Office of the Chief Information Officer ensures that the Library’s information technology (IT) resources meet current and future mission requirements and operate effectively to serve Congress and the American people, while also providing IT services, security, and expert guidance on IT matters within the Library.

Library Services performs the traditional functions of a national library: acquisitions, cataloging, preservation, and reference services for both digital and conventional collections. It operates the National Audio-Visual Conservation Center and the American Folklife Center, among other programs.

The U.S. Copyright Office administers the nation’s copyright laws for the advancement of the public good; offers services and support to authors and users of creative works; and provides expert impartial assistance to Congress, the courts, and executive branch agencies on questions of copyright law and policy.

The Congressional Research Service supports the legislative process by providing, exclusively to Congress, objective, confidential, and nonpartisan assessments of public policy issues and legislative options for addressing those issues.

The Law Library assists Congress and the legislative process by providing comprehensive research on foreign, comparative, international, and U.S. law, and other legal reference services.

National & International Outreach manages and develops programs that have a national scope, such as the National Library Service for the Blind and Physically Handicapped; those that operate as cost recovery services; and those that foster access to the Library’s collections for research, teaching, and visitor education.

In fiscal year (FY) 2016, the Library

  • drew a record 1.78 million visitors to its Capitol Hill buildings;
  • responded to more than 1 million reference requests from Congress, the public, and other federal agencies;
  • circulated approximately 22 million copies of braille and recorded books and magazines to more than 800,000 blind and physically handicapped reader accounts; and
  • registered over 414,000 copyright claims.

Office of the Inspector General

The Library’s Office of the Inspector General (OIG) was established in 1988 as a non-statutory office deriving its authority from the Librarian of Congress. OIG became statutory with the passage of the Library of Congress Inspector General Act of 2005 (2 U.S.C. § 185), with a mandate to

  • independently conduct and supervise audits and investigations of fraud, waste, and abuse relating to the Library;
  • lead, coordinate, and recommend policies to promote economy, efficiency, and effectiveness; and
  • keep the Librarian of Congress and the Congress fully and currently informed about problems and deficiencies relating to the administration and operations of the Library.

The Inspector General is a member of the Council of the Inspectors General on Integrity and Efficiency, a unified council of all federal statutory Inspectors General. This semiannual report is part of OIG’s statutory reporting requirements and presents information on

  • the Library’s top management challenges;
  • significant audits, investigations, and other activities of the OIG;
  • OIG’s review of legislation and regulations affecting the Library; and
  • Library decisions on OIG recommendations and the status of implementation, along with any resulting monetary benefits.

The Audits Division conducts in-depth reviews that address the efficiency, effectiveness, and economy of the Library’s programs, activities, and functions; provides information to responsible parties to improve public accountability; facilitates oversight and decision-making; and initiates corrective action as needed.

The Audits Division also contracts with an independent accounting firm that examines whether financial statements fairly present financial positions, results of operations, and budgetary resources. The firm also assesses whether the Library and other entities have adequate financial reporting internal control systems that comply with applicable laws and regulations.

OIG reports are available at www.loc.gov/about/oig.

The Investigations Division addresses alleged or suspected wrongdoing by agency employees, contractors, or others responsible for handling federal resources. Violations of Library regulations or fraud committed against the Library can result in administrative sanctions and criminal or civil prosecution.

Contact information for the OIG Hotline is located on the inside back cover of this report.

Top Management Challenges

This section provides a summary of issues identified by OIG as posing significant challenges for the Library. In our March 2017 semiannual report, OIG identified five such challenges:

  • Strategic Planning and Performance Management. Many of the Library’s management challenges over the years have flowed from a historic lack of proper strategic planning and performance management.
  • Collections Storage. The Library has historically acquired materials faster than they can be processed, made accessible, and safely stored.
  • Digital Strategic Planning and Execution. A more strategic approach to digital services and collections is necessary because of the pace of digital innovation and the need for the Library to act on many fronts to execute a timely digital transformation.
  • Information Technology Infrastructure. The absence of an IT strategic vision resulted in substandard accountability for IT investments, poor IT governance, and an absence of IT best practices.
  • Contracting. An area of long-standing challenge, the Library needs to prioritize the importance of an effective organization-wide procurement function.

Going forward, OIG will select certain challenges to evaluate, assess the Library’s efforts in relation to them, and present findings in our semiannual report. In this semiannual report, we address two areas: (1) digital strategic planning and execution and (2) contracting. For the semiannual reporting period ending in March 2018, we will focus on: (1) information technology infrastructure and (2) strategic planning and performance management. OIG notified the Library via memorandum in September 2017 that we will be evaluating the steps taken to make improvements in these areas. Conducting more formal assessments of progress made in addressing and resolving the top management challenges identified by OIG is in line with the direction provided by the Chairman of the Committee on House Administration, who stated that he wanted the Library to address and resolve the Library’s top management challenges as identified by OIG. OIG plans to address the collections storage top management challenge and another area, as appropriate, in the September 2018 semiannual report.

DIGITAL STRATEGIC PLANNING AND EXECUTION

Over the last two and a half years, the Library has taken steps to strengthen its digital activities, but, as noted by OIG in previous semiannual reports, more needs to be done for the Library to develop a robust capacity to acquire, catalog, preserve, secure, and provide access to a universal collection of digital materials. Several initiatives were started across the Library, such as those outlined below, which will help inform and implement future digital activities. But the Library’s progress in establishing an organization-wide digital strategic plan has been sluggish; it was only recently initiated, and the critical path for the effort is not clear. For the Library to efficiently and effectively achieve its desired strategic, digital business objectives, it is imperative that the Library properly identify, prioritize, authorize, manage, and control all the necessary steps leading to and executing an organization-wide digital strategic plan. The Office of the Chief Information Officer (OCIO) has been designated as the lead for the digital effort, but Library senior leadership needs to be involved and institute oversight to provide direction and focus.

The Library’s eDeposit program, a digital collections initiative implemented in 2010, serves as a warning of what can go wrong in the absence of proper planning and implementation. As outlined in our April 2015 eDeposit audit report, OIG could not determine whether progress made after five years of effort had met management’s expectations because Library leadership had not established quantifiable expectations related to cost, performance, and project completion; the Library described its progress as “incremental.” [Footnote 1] As with the eDeposit program, the current effort to develop and execute an organization-wide digital strategic plan has not been managed using project management practices. Senior leadership must institute an oversight process that incorporates planning, performance management, and reporting processes.

The implementation of the Digital Collection Plan and creation of the eCollections Steering Group are two developments relevant to digital strategic planning and execution. In January 2017, primarily under the leadership of Library Services, the Library established and implemented the Digital Collection Plan to maximize already existing modes of acquiring digital materials and pilot new techniques for acquiring such content. The plan identifies six strategic objectives focused on expanding digital collections, such as e-serials, e-books, and digital sound recordings. For example, one of the plan’s strategies is to maximize receipt and addition to the Library’s collections of selected digital content submitted for U.S. Copyright purposes. In June 2017, the Library established the eCollections Steering Group to coordinate the development and execution of Library-wide policies, decision-making activities, and investments for the implementation of the Library’s digital collecting strategies and plans. The group, co-chaired by the Chief of Digital Collections Management and Services (a Library Services position) and the Deputy Chief Information Officer, consists of senior managers and staff with relevant expertise from OCIO, Library Services, Law Library, and the U.S. Copyright Office. It also coordinates with the Information Technology Steering Committee, which remains in place and will continue to oversee information technology investments. The Information Technology Steering Committee will continue, for example, to make recommendations to the Library’s Executive Committee for prioritizing investments and monitoring the execution of those investments.

What remains unclear is how the Digital Collection Plan and eCollections Steering Group fit within the larger effort to develop and execute an organization-wide digital strategic plan as well as the timing of the efforts needed to execute the full plan. Although the Digital Collection Plan helps to provide direction for collection-related activities, it does not address the technical capacity of OCIO to collect, store, and provide access to the material intended for collection, nor does it demonstrate alignment with meeting customer needs. Senior leadership’s expectations for progress are also unclear given that all movement has been halted on activities in the plan that fall under the oversight of the U.S. Copyright Office until a permanent Register is in place; the former Register resigned in October 2016. Like OCIO, Copyright has a significant impact on the Library’s digital collection activities. For example, the Library needs to ensure that electronic works transferred by the Copyright Office via copyright registration or mandatory deposit to the Library’s collections are protected from unauthorized copying and sharing. Further, the eCollections Steering Group may represent a step forward, but it remains unclear how the group can function effectively when senior leadership has not established performance expectations for its activities.

To ensure that activities associated with the Digital Collection Plan, the eCollections Steering Group, and other relevant efforts are moving in the right direction, senior leadership needs to establish an overarching plan that defines the critical path, work breakdown structures, and milestones to be met in the short-, intermediate-, and long-term over a five-year period toward the creation and implementation of an organization-wide digital strategic plan. This will allow Congress and senior management to measure progress, make necessary adjustments to maintain the pace of progress, and ensure that progress is in-line with accomplishing the goals of the Library’s organization-wide strategic plan.

To implement an organization-wide digital strategic plan in five years, OCIO needs to fill its knowledge and capability gaps. OIG believes that OCIO will need to obtain contract support to build a team with the right mix of qualified personnel. OCIO has made progress on this front by engaging an outside consultant starting in August 2017 to identify possible frameworks for the development of a digital strategy document in fiscal year 2018. Findings are scheduled for delivery in October 2017. OCIO also plans to increase its capacity and expertise by hiring a Digital Strategy Director and establishing a Digital Strategy Advisory Board. The Digital Strategy Director, who will report directly to the CIO, will be responsible for collaborating across Library service units in developing the digital strategy, leading the implementation of the strategy, and reporting on progress. The Digital Strategy Director will be supported by several staff members. The Digital Strategy Advisory Board will consist of top experts in meeting the digital collecting needs of world-class research or cultural institutions. They will provide their knowledge to help the Library develop its digital strategic plan.

We commend Library Services and OCIO for their progress, but emphasize the need for a clear timeline and milestones that aggressively move the Library toward an organization-wide digital strategic plan that thoroughly aligns with the Library’s direction, priorities, strategic plan, and digital collection activities already underway. Only through this approach will the Library reduce its exposure to wasteful redundancies and ensure that it leverages its enterprise architecture and digital investments in a manner that supports its customers as a whole. In the past, the Library has had stalled digital initiatives and deliverables. The Library cannot succeed with a strategic approach that invokes undefined outcomes, inadequate performance measurements, and passive accountability for performance shortfalls. The Librarian and Executive Committee members should require all relevant actors involved in the digital area, along with OCIO, to deliver valid and verifiable performance metrics and to complement these with a management apparatus that continually reviews performance activity, identifies performance variances, and consistently oversees corrective activities. A less intense approach poses risks to achieving goals and serves to undermine efforts to assess and remedy performance shortfalls. We believe this approach will thrust the Library forward towards a digital leadership role.

CONTRACTING

The Library’s contracting function has been an area of long-standing challenge. We outlined a number of specific areas of improvement in a March 2012 report, [Footnote 2] and we are in the process of completing another audit that will identify additional improvements for this area of critical importance to the Library’s effective operations. The hiring of a new Director (a senior-level position) for the Office of Contracts and Grants Management (OCGM) in 2013 was a step forward and the Director has made efforts to improve the procurement function. In our recent audit, we found that the Library is making incremental progress, but the Library should strive for significantly more and timely progress given the importance of an effective organization-wide procurement function. Specifically, the Library needs to develop a proven framework for the procurement function, develop a strategic approach to managing the procurement workforce, and implement controls and other processes to provide valid and reliable data.

The Government Accountability Office’s (GAO) Framework for Assessing the Acquisition Function at Federal Agencies (Framework) [Footnote 3] provides a useful guide to understanding what improvements are needed in the Library’s contracting function. For example, GAO states that senior agency leadership must articulate a strategic, integrated, and agency-wide vision for the procurement function where it holds managers accountable for their contributions to the procurement process. However, OIG could not locate a clear, concise plan that delineated short-, intermediate-, and long-term actions that would propel the Library toward the desired sustainable and scalable procurement function required to support its program goals, strategic goals, and overall mission. The Library’s Chief Operating Officer (COO) is well positioned to oversee the development of such a plan given that the COO oversees OCGM as well as the Office of the Chief Financial Officer and Human Resources Services, which are critical components to implementing an effective organization-wide procurement effort. To ensure that progress being made is meeting expectations, the plan should include quantifiable expectations related to cost, performance, and completion. Without this kind of strategic approach, the Library will continually find itself in a reactive posture in which the function will continually face high risks from inadequate operating systems, unreliable performance metrics, ongoing human capital deficiencies, insufficient delivery of mission necessary goods and services, and poor internal control.

GAO’s Framework states that an agency must also have a strategic workforce plan that reflects the needs of the contracting function, something that OCGM is currently lacking. Such a plan should include strategies for recruiting, retaining, and developing contracting staff. The plan should also include performance measures to evaluate staff contributions in support of the agency’s procurement function and its mission and goals. After OIG’s 2012 report, Library management made an effort to revamp the OCGM workforce by moving employees out who were not performing under new standards. We commend the efforts made to deal with performance issues, but OCGM has been slow to fill vacancies and is now understaffed, which poses risks to its ability to function effectively. The stress created by being understaffed also makes it difficult for OCGM to operate in a strategic manner. The COO needs to place a priority on developing an effective human capital plan in order for OCGM to make progress in achieving the Library’s vision for the contracting function. To reverse this trend the COO should engage his Director and HRS to prioritize developing an effective human capital plan. The prolonged position vacancies have forced the Director to operate continually at the operational level with little time to plan, direct, and execute strategically. Such an environment exposes the procurement function to increasing risks, growing turnover, and declining customer service. Therefore, the COO should urgently initiate and implement a strategic human capital plan.

GAO’s Framework also notes that leading organizations gather and analyze data to identify opportunities to reduce costs, improve service levels, measure compliance with supplier agreements, and provide better management of service providers. The data captured and reported should be accurate, accessible, timely, and usable for procurement decision making and activity monitoring. To ensure that it is functioning effectively and efficiently, OCGM needs to determine whether it is properly leveraging available data to effectively and efficiently manage the contracting function. In particular, GAO notes that throughout the procurement, financial information should be tracked and communicated in a way that enables effective evaluation and assessment of acquisition activities. When financial data are not useful, relevant, timely, or reliable, the contracting function is at risk of inefficient or wasteful business practices.

As we complete our follow-up audit, the critical question for the Library, and specifically the COO, is whether the progress made over the last five years, since the Library focused on improving the contracting function, has been satisfactory and whether it should strive for significantly more and timely progress given the importance of an effective contracting function. It should be noted that before the issuance of our follow-up report Library management has started to implement corrective actions.

Audits, Surveys, and Reviews

Open World Leadership Center

Fiscal Year 2016 Financial Statements June 2017

The Open World Leadership Center (Open World) hosts emerging political and civic leaders from post-Soviet countries through its congressionally sponsored exchange program. Librarian Dr. Carla Hayden sits on Open World’s Board of Trustees.

Under OIG’s supervision, the accounting firm Kearney & Company, P.C. (Kearney) audited Open World’s fiscal year 2016 financial statements and issued its Independent Auditor’s Report. There were three components to the audit: Kearney’s opinion on the financial statements; its report on internal control over financial reporting; and its report on compliance with laws, regulations, contracts, and grant agreements. Kearney concluded that the financial statements were presented fairly, in all material respects, in conformity with generally accepted accounting principles (GAAP). They also did not identify any deficiencies in internal control that they considered material weaknesses or significant deficiencies. Kearney also performed tests of Open World’s compliance with certain provisions of applicable laws, regulations, contracts, and grant agreements and found no noteworthy instances of noncompliance. In its supervision, OIG identified no instances in which Kearney did not comply, in all material respects, with generally accepted government auditing standards.

The Library’s Controls for Three Gift Funds Are Generally Working but Need to Be Enhanced

Audit Report No. 2016-PA-102 September 2017

OIG initiated the audit to determine whether the Library’s internal controls for gift funds are appropriately designed and implemented and working effectively. The Library is authorized to accept cash gifts for its benefit. Donors may stipulate terms and conditions that the Library is bound to honor upon accepting gifts, but all accepted gifts are subject to the Library’s accounting and budgetary internal controls.

OIG determined that the Library has internal controls that serve as a baseline for gift fund management. These controls include those related to receipts, budgeting, stewardship, and supervisory review. For example, the Library creates multi-year spending plans and has supervisory controls over spending. Nonetheless, OIG made recommendations to strengthen the Library’s control environment to ensure that it makes timely gift deposits, provides donors with proper donation instructions, and performs reconciliations of donation data.

OIG also judgmentally selected and reviewed three of the Prints and Photographs Division’s gift funds to determine whether specific controls were working effectively, such as whether proper supporting documentation was properly maintained, gift receipts and revenue were received and recorded, and expenditures were made according to the terms of the gifts. OIG identified that for one of the gift funds reviewed, the Library needs to improve its record-keeping, monitoring of changes to terms and conditions, communication of information to relevant stakeholders within the Library, and monitoring of stakeholders’ compliance with gift requirements.

Library management agreed with all of the findings and recommendations in the report. It should be noted that before the issuance of the report, Library management started to implement corrective actions.

IT Scanning and Security Configuration Management Results on Selected Systems

Report No. 2017-IT-101 September 2017

As part of OIG’s ongoing emphasis on the Library’s IT governance, operations, and best practices, OIG engaged SysAudits, LLC (SysAudits) to perform an IT security vulnerability scan and evaluation. The evaluation involved a review of the Library’s networks, servers, firewalls, routers, and network entry points. Wireless networks were excluded from the evaluation.

Information security is a critical part of any agency that depends on IT systems and computer networks to carry out its mission and meet operating objectives. In order for the Library to maintain a secure portfolio of business and program applications, its policies and procedures for information systems must address initial and ongoing secure-configuration practices. IT system and network element protections are met in part when components (e.g., servers, routers, and firewalls) are configured to established security settings and software is maintained with the latest security patches.

The evaluation found several areas where the Library is operating in accordance with IT security policies, procedures, and National Institute of Standards and Technology guidance. OIG also identified several areas for the Library to address and made recommendations as appropriate.

Library management agreed with all of our findings and recommendations. We have not included details about all of our findings and recommendations due to the sensitive nature of the information contained in them. The report was not issued for public release.

Other OIG Audit Activities

Inspector General Testified at Hearing on IT Management

The Inspector General appeared before the Committee on House Administration on June 8 to testify about IT management at the Library. Librarian Dr. Carla Hayden and Chief Information Officer Bernard A. Barton, Jr. also testified.

Review of Legislation and Regulations

Table 1: Review of Library of Congress Regulations (LCRs) and Directives (LCDs)

  • Reviewed Comments by the Office of the Inspector General:
  • LCR 9-910, Hours of Duty -

    We commented that it was unclear how various work schedules are documented and how the arrangements are communicated to Human Resources Services. We also suggested wording changes that would clarify alternative work schedules.

  • LCR 9-920, Holiday Designations -

    We suggested wording changes for clarification purposes.

  • LCD 5-920.4, Privacy Impact Assessments -

    We suggested adding language to include a reassessment of added information technology systems. We commented that the LCD does not discuss the assignment of an impact level during the Privacy Impact Assessment (PIA) and who is responsible for its execution. Further, we commented that it is imperative a PIA is an annual review regardless of when a major system upgrade may occur. We suggested that the LCD should be clear that the Library’s intent is to have an updated Privacy Threshold Analysis/PIA prior to ‘go-live’ events of new or updated systems.

  • LCD 6-320.2, Payment Procedures -

    We suggested wording changes for clarification purposes.

  • LCD 6-230.3, Operating Under a Continuing Resolution -

    We suggested it may be beneficial to develop a separate LCD to address the orderly shutdown of Library operations in the event of a Government shutdown, which can be referenced back to this LCD.

Investigations

As shown in table 2, during this reporting period, OIG issued three investigative reports and had no referrals. We opened seven investigations, closed two, and forwarded two to Library management for administrative action. Two complaints were opened, four were closed, one was converted to an investigation, and three hotlines were converted to investigations. With regard to our hotline program, we received fifty-five hotline communications. Twelve hotline communications were referred to management.

TABLE 2: Investigative Data

(Data in this table was compiled from a review of the Office of Investigation’s database and files. Three reports were issued, two of which were forwarded to Library management.)

  • Investigative Reports Issued (summarized below) 3
  • Referrals to the Department of Justice 0
  • Referrals to State and Local Authorities 0
  • Indictments/Criminal Information Resulting from Prior Referral to Prosecuting Authorities 0
  • Investigations Opened 7
  • Investigations Closed 2
  • Investigations Forwarded to Library Management for Administrative Action 2
  • Complaints Opened 2
  • Complaints Closed 4
  • Complaints Converted to Investigations 1
  • Hotline Converted to Investigations 3
  • Hotline Communications Received 55
  • Hotline Referrals to Management 12

Employee Misconduct, Possible Ethics Issues

As reported in our March 2017 Semiannual Report, OIG received a referral from the Office of the General Counsel concerning a possible conflict of interest issue with an employee’s book contract. An investigative report was issued and referred to Library management for action. Library Management counseled the employee through two actions. In a Counseling Memorandum citing Library of Congress Regulation (LCR) 9-1710, General Standards of Conduct, management counseled that staff members shall avoid any action that might result in: using public office for private gain; creating the appearance of impeding Library efficiency or economy; and making an official Library decision outside of official channels. In a separate Counseling Memorandum issued as an Official Reprimand and citing LCR 9-1720, Conduct in Official Positions, management noted the employee’s inappropriate use of the Library's computer email system.

Unauthorized Access to a Secure Area

OIG received a request from the Library's Office of Security and Emergency Preparedness (OSEP) to investigate an incident concerning the unauthorized access and possible theft of collections material in a secure collections material area.

The investigation determined that two employees of the Architect of the Capitol (AOC) entered a secure storage cage in the Library's Thomas Jefferson Building by using a metal rod to force open a locking mechanism. In interviews conducted by the AOC OIG, both AOC employees admitted to prying open the door, stating that they had done so multiple times in the past. They also each stated that the United States Capitol Police (USCP) had not approached them at any point during that evening and that they were unaware of any Library or AOC policy regarding access-related matters. The investigation also determined that no universal Memorandum of Understanding or Inter-Agency Agreement exists between OSEP, Library facilities operations, Library service units, AOC, and USCP regarding access. Several service units have established written protocols with USCP to facilitate requests for access by AOC, but no standardized process was identified during the investigation.

This issue will be addressed in a separate, proactive Library OIG review to determine how the Library's service units manage access-related matters and account for collections materials.

Employee Misconduct, Misuse of Library Computer

OIG received information from Library management concerning an employee who was possibly misusing their Library-issued computer. OIG conducted an investigation and determined that the employee had used the computer to visit inappropriate Internet sites. While under investigation by OIG, the employee retired, and the case was closed without action.

Employee Misconduct, Misuse of Library Computer and Mobile Phone

OIG received information from Human Resources Services concerning an employee who was possibly misusing their Library-issued computer and mobile phone. OIG conducted an investigation and determined that the employee had misused the computer to visit inappropriate Internet sites and the mobile phone to make personal phone calls. When interviewed, the employee admitted that they spent a considerable amount of time engaging in non-work related activities while on-duty. An investigative report was issued and referred to Library management for action.

Other Investigative Activity

There were no such investigations during this reporting period.

Investigations Involving a Senior Government Employee Where Allegations of Misconduct were Substantiated

There were no such investigations during this reporting period.

Instances of Whistleblower Retaliation

There were no instances of whistleblower retaliation during this reporting period.

Closed, Undisclosed Investigations Involving Senior Level Employees

There were no such investigations during this reporting period.

Unimplemented Recommendations [Footnote 4]

We obtained comments from Library management on the status of all open recommendations. OIG summarized the comments provided for recommendations made in our publicly released reports and placed them in tables 3A and 3B. The assertions made in tables 3A and 3B are the representations of Library management and not of the OIG. OIG periodically performs follow-up audits to verify implementation.

Table 3A: Significant Recommendations from Previous Semiannual Reports for Which Corrective Action Has Not Been Completed

Subject, Report No., Issue Date, Office, Rec. No., Summary, and Status of Recommendation

Office of the Librarian / Office of the Chief Information Officer

Information Technology Strategic Planning Information Follow-Up, 2011-IT-103, December 2011, Office of the Chief Information Officer, I.2.C

Report summary: OIG evaluated the Library’s information technology (IT) strategic plan as a follow-up to a review completed in 2009.

Recommendation: Account for all IT costs, including computer security, as part of the IT budgetary process—The final Library of Congress Non-Personnel IT Expenditures Report was published in March 2017; it was provided to the Technology Business Management (TBM) Working Group and the Information Technology Steering Committee (ITSC). In the meantime, the Office of the Chief Information Officer (OCIO) is working with the Office of the Chief Financial Officer (OCFO) to use the IT Towers structure identified in the FY 2018 Investment Portfolio Framework in lieu of FY 2017 IT Expenditure Code beginning with the FY 2018 budget cycle. The estimated completion date is the second quarter of FY 2018.

Maturity of System Development Life Cycle Processes and Procedures, 2013-IT-105, February 2015, Office of the Chief Information Officer, 4

Report summary: OIG evaluated the Library’s System Development Life Cycle (SDLC) methodology for acquiring, designing, implementing, and maintaining IT systems.

Recommendation: Establish a budget methodology to track project development costs and measure variances against approved costs—The Project Management Office (PMO) project database has been updated to capture staffing costs and all new FY 2018 project resource estimates are now being entered into the PMO database as projects are approved. Additionally, reports have been developed in the PMO database which will show variance between planned and actual resource allocations. To track actuals, PMO plans to leverage a separate but related initiative to collect staff hours using WebTA, the Library’s electronic payroll system, and PMO will partake in a joint OCFO/Human Resources Services/OCIO effort to assess the feasibility of using WebTA for this purpose. The estimated completion date is the second quarter of FY 2018.

Design of Library-Wide Internal Controls for Tracking IT Investments, 2014-IT-101, March 2015, Office of the Chief Information Officer, IV.1.B

Report summary: OIG reviewed the Library’s internal controls for tracking IT investments.

Recommendation: Provide training and awareness of the ITSC oversight process for mid- and senior-level managers across the Library (all service units)—The draft Information Technology Information Management (ITIM) Library of Congress Regulation (LCR) that describes the oversight role of the ITSC was signed by the Librarian in June 2017. The ITIM Portfolio Office (ITIMPO) has also conducted training for mid- and senior-level resource and project managers. In the meantime, ITIMPO continues to provide ITIM process training, such as at ITSC and Web Governance Board meetings. Following the promulgation of the ITIM LCR, process training has been added to the agenda at the fall 2017 IT Collaborative Forum. These activities are currently under review by OIG. The estimated completion date is the first quarter of FY 2018.

Design of Library-Wide Internal Controls for Tracking IT Investments, 2014-IT-101, March 2015, Office of the Chief Information Officer, V.1.A

Align current cost development processes for IT investments to coincide with requirements for Office of Management and Budget (OMB) reporting, such as the use of an earned value management system to track costs on high-risk projects, as discussed in Capital Programming Guide, V.3.0, Supplement to OMB Circular A-11: Planning, Budgeting, and Acquisition of Capital Assets—The draft PMO LCR which entrusts OCIO with responsibility for the Project Management Life Cycle (PMLC) and SDLC directives, including but not limited to templates and guidance for milestones/scheduling, cost estimation, risk management, and requirements management for use during all applicable IT project phases, was signed by the Librarian in June 2017. OCIO revised and issued PMLC and SDLC guidance in August 2017. During FY 2017, the Library recognized the need to provide Library leadership with better transparency into IT spending and OCIO established the goal of implementing the TBM framework. Full maturation of the Library’s TBM implementation will likely benefit from systematic support as well as integration with the financial systems of record. The Library’s IT investment and IT project management process requirements will also be considered. The estimated completion date is the fourth quarter of FY 2019.

Design of Library-Wide Internal Controls for Tracking IT Investments, 2014-IT-101, March 2015, Office of the Chief Information Officer, V.1.B

Implementation of these practices may require procedural changes used by the service units for reporting expenditures and systemic modifications to Momentum and the budget system (Clarity) that are used for tracking costs—OCIO began collaborating with Library Services (LS) and OCFO to build Momentum transaction-level tracking of TBM-driven investment planning and execution data. OCIO and LS met with OCFO to discuss the use of Plan IDs, IT Expenditure Codes, and Service Units IDs to code Momentum transactions. Momentum tracking of IT investment spending throughout the fiscal year will significantly improve the accuracy of reported investment spending against the plan. Per the recommendation of the Chief Financial Officer (CFO), guidance will be issued to service units to code FY 2018 non-personnel ITIM planning information using OCIO’s FY 2018 IT Towers/Sub Portfolio structure. The estimated completion date is the fourth quarter of FY 2018.

Design of Library-Wide Internal Controls for Tracking IT Investments, 2014-IT-101, March 2015, Office of the Chief Information Officer, V.2.A

Use primary source documentation throughout the ITSC process. Part of the ITSC package should include financial system information, budgetary information, acquisition system information, as well as performance monitoring information—OCIO is working closely with OCFO to design and implement systematic coding structures within the financial systems that will support pulling IT investment expenditure reports directly from those systems of record rather than relying on self-reporting. Lessons learned from FY 2017 reporting are being incorporated into the reporting process for FY 2018. The estimated completion date is the second quarter of FY 2018.

Design of Library-Wide Internal Controls for Tracking IT Investments, 2014-IT-101, March 2015, Office of the Chief Information Officer, V.2.C

Institute better tracking of IT investments through changes in the Momentum and Clarity financial systems—See the status update provided for recommendation V.1.B for 2014-IT-101. The estimated completion date is the fourth quarter of FY 2018.

Design of Library-Wide Internal Controls for Tracking IT Investments, 2014-IT-101, March 2015, Office of the Chief Information Officer, VII.1.A

The Chief of Staff should implement a continuous improvement program within the Executive Committee (EC) and ITSC to identify opportunities for process improvement in the areas of cost accounting, performance management, and all areas of the ITSC—The ITSC process for reviewing and approving IT investments has changed as the process has matured. Specifically, costs for IT investments are estimated by OCIO to ensure a level of consistency in estimating techniques. Additionally, OCIO is leading the implementation of a TBM model at the Library. This model is intended to put metrics in place to improve performance management and decision-making. The estimated completion date is the third quarter of FY 2018.

Design of Library-Wide Internal Controls for Tracking IT Investments, 2014-IT-101, March 2015, Office of the Chief Information Officer, VII.2.B

Define benchmarks for ITSC management processes against appropriate public and private sector standards, organizations, and/or processes in terms of costs, speed, productivity, and quality of outputs and outcomes to measure steering committee effectiveness—The ITSC LCR, which defines benchmarks for ITSC management processes against appropriate public and private sector standards, organizations, and/or processes, was signed by the Librarian in May 2017. In FY 2017, the ITSC and TBM Working Group adopted a benchmarking framework based on the TBM taxonomy (IT towers). The ITSC established a benchmark for spending on new IT initiatives and capabilities and a benchmark for spending on operations and maintenance activities. Data to support reporting on these benchmarks was gathered as part of FY 2018 IT investment planning. Regular reporting against other Federal agencies will occur in FY 2018. These activities are currently under review by OIG. The estimated completion date is the first quarter of FY 2018.

eDeposit and eCollections Strategy, 2014-PA-101, April 2015, Office of the Chief Information Officer, 2

Report summary: OIG evaluated the Library’s efforts to ingest and make available for use electronic works (born-digital content).

Recommendation: The Librarian should require the Architecture Review Board (ARB) to: ensure that the eCollections Strategy and related activities are sufficiently addressed in the enterprise architecture’s (EA) current or “as-is” environment, the target or “to-be” environment, and the road map leading from the “as-is” to the “to-be” environment; sufficiently address and reduce the risk of implementing duplicative, poorly integrated, and unnecessarily costly eCollection activities; and sufficiently address the need for “robust security” to prevent “loss, alteration, and unauthorized access” of eCollections items—Processes are being established. First, the Cyclical EA Development process requires the current state to be documented/validated and that a future state, linked to business outcomes, be planned. A transition plan for moving from the current to the future state is also required. The ARB reviews future state and transition plans to ensure sufficient planning has occurred. Second, the Cyclical EA Development process requires that all future state elements be linked to business outcomes. This allows the ARB to review all future state activities to identify potentially duplicative functions and recommend that they be merged to the ITSC. Third, the Library’s IT Security Program and Systems Development Lifecycle addresses the need for robust security to prevent loss, alteration, and unauthorized access of all Library IT systems and electronically stored information. The estimated completion date is the second quarter of FY 2018.

eDeposit and eCollections Strategy, 2014-PA-101, April 2015, Office of the Chief Information Officer, 4

The Librarian should take the following steps to implement better governance and accountability in order to ensure timely implementation of the Librarian’s vision to acquire digital works: create a mechanism for the Librarian and her immediate leadership team to receive executive-level reports on a regular basis on eCollection activities, mandate their review, and take timely action as necessary to ensure that such activities stay in-line with the Librarian’s vision and with senior leadership’s cost, schedule, and performance expectations; provide greater clarity on the role of the EC in monitoring and overseeing cross-cutting IT programs; and ensure the EC’s consistent involvement, support, and oversight of the eDeposit Program and the eSerials Project—A charter has been finalized for the eCollections Steering Group, which is responsible for developing and implementing the eCollections Strategy. The charter was reviewed by OCIO and LS with approval from the Librarian and EC. The eCollections Steering Group delivered the first required report (including the charter) to the Librarian and EC. The business strategies, goals, and requirements for eCollections are coordinated with the existing strategic documents created and maintained by the LS Collections Development Office. IT investments budgeted for each fiscal year are now being coordinated by OCIO to ensure that IT investment resources (estimated and actual) are linked to business investments and requirements (e.g., TBM). Because the Library’s new strategic plan is still being developed, the estimated completion date is the third quarter of FY 2018, but may change depending on when the strategic plan is issued. This approach allows the eCollections strategic documents, IT investment plans, and governance and accountability efforts to be coordinated with the strategic plan.
Until the strategic plan is in place, the eCollections Steering Group will report regularly to the Librarian and EC to enable their ability to initiate and provide appropriate involvement, support, and oversight of the eCollections activities, including the cross-cutting IT programs that support the acquisition, ingest, and protection of digital works. The estimated completion date is the third quarter of FY 2018.

eDeposit and eCollections Strategy, 2014-PA-101, April 2015, Office of the Chief Information Officer, 5

ITSC does not have the necessary data to align information technology goals, objectives, and priorities with the strategic needs and plans of the Library. The Librarian should do the following to correct this: direct the CFO to provide information on the full universe of IT investments budgeted in each fiscal year for eCollection activities to the ITSC on an ongoing basis, as well as provide actual year-to-year costs for budget versus actual comparisons; require ITSC to formulate approval and monitoring criteria that align with the Library’s organizational priorities as stated in an eCollections Strategy and associated enterprise architecture, as well as with common requirements spanning the Library’s service units for ingesting and protecting electronic works; and require the chair of the ITSC to report regularly to the Librarian, her designee, and/or the EC about ITSC decisions and oversight issues related to the schedule, cost, and performance of eCollection activities—See the status update provided for recommendation 4 for 2014-PA-101. Additionally, the common requirements spanning the Library’s service units for ingesting and protecting electronic works are coordinated with the existing strategic documents created by, and maintained by, the LS Collections Development Office and LS business requirements under development (as referenced in the eCollections Steering Group charter). The estimated completion date is the third quarter of FY 2018.

eDeposit and eCollections Strategy, 2014-PA-101, April 2015, Office of the Chief Information Officer, 6

To improve the organizational and financial management of its eCollection activities, the Librarian needs to require that service units: adopt and implement Library-wide best practices for standardizing program and project management to increase the likelihood of delivering effective digital transformations on time and on budget; and collect, track, and use quantitative data demonstrating variances in project delivery and investment targets to inform management oversight and reporting, including budget, planning, and investment decision-making going forward. This information should be used as part of the Library’s performance management process—The draft PMO LCR describing the PMO’s role and responsibilities, which enforces the Library’s PMLC and SDLC methodologies, was signed by the Librarian in June 2017. OCIO has revised and issued the PMLC and SDLC directives in August 2017, which include best practices for project scheduling, risk management, requirements management, and project cost estimation. OIG is currently reviewing these activities. The estimated completion date is the second quarter of FY 2018.

eDeposit and eCollections Strategy, 2014-PA-101, April 2015, Office of the Chief Information Officer, 7

For all technology investments, the Librarian should: (1) require service units and sponsors of significant IT investments (regardless of funding source) to complete a business case document that demonstrates how each IT project would meet organizational needs; outlines benefits, estimated costs, and risks, including the results of a cost-benefit analysis; and establishes a preliminary schedule for implementation; (2) require the business case document to be submitted to the ITSC for review during an early phase of product development and require the business case to be periodically reviewed and verified by ITSC with respect to the business need(s) being supported; (3) direct the CFO to develop the capability to fully project, capture, and track the actual costs of IT-related activities, including payroll costs; and (4) require the Strategic Planning Office [currently known as Strategic Planning and Performance Management (SPPM)] or another unit to develop the capability for the Librarian and her immediate leadership team to monitor significant IT investments across the Library’s various planning, budgeting, program/project management, and financial accounting systems to reveal inefficiencies and ineffectiveness in order to address problems in a timely manner—

The draft ITIM LCR which describes the oversight role of the ITSC was signed by the Librarian in June 2017. As documented in the LCR, service units and sponsors of IT investments are required to (1) complete a business case document that demonstrates how each investment meets organizational needs, outlines the investment’s benefits, identifies risks, and establishes schedule milestones. Personnel and non-personnel resource estimates are prepared to be included in the proposed IT investment portfolio for the fiscal year or as needed for out of cycle business case proposals. (2) complete a business case document to be submitted to the ITSC for review during the early phase of product development and require the business case to be periodically reviewed and verified by ITSC with respect to the business need(s) being supported. In the meantime, the Library has implemented the requirement to fully project, capture, and track the actual costs of non-personnel activities as part of the ITIM LCR. A cost benefit analysis for the tracking of payroll costs is planned for FY 2018 after which time a decision will be made about the feasibility of tracking payroll costs. Finally, the Library has established reporting requirements for significant IT investments in the ITIM LCR. OCIO and OCFO are working collaboratively to establish the ability to trace non-personnel transactions across the Library’s various planning, budgeting, program/project management, and financial accounting systems to reveal inefficiencies and ineffectiveness in order to address problems in a timely manner. This ability is being implemented to coincide with the beginning of FY 2018. The estimated date of completion is the fourth quarter of 2018.

Purchase Card Program, 2015-PA-102, March 2017, Office of the Chief Financial Officer, 2

Report Summary: OIG completed an interim report to alert Library management that purchase card program policies needed to be updated, program internal controls needed to be updated, and program personnel needed to be held accountable for upholding program policies.

The Program Coordinator and OCFO management should assess the purchase card program’s risks and internal controls, update internal controls that are critical to the program’s proper performance, and outline these controls in updated policies and procedures. This includes incorporating the purchase card program within the Internal Control Program as appropriate—A Risk Assessment Management Plan has been developed and monitoring will be conducted weekly, monthly, and annually depending on the nature of the risk response plan. The estimated completion date is the fourth quarter of FY 2018.

Purchase Card Program, 2015-PA-102, March 2017, Office of the Chief Financial Officer, 4

The Program Coordinator should reexamine its activities related to collecting and reporting program data. The coordinator should implement new procedures to ensure that comprehensive and accurate data are collected and reported to OCFO management for monitoring purposes. These activities should be outlined in the program’s updated policies and procedures—Performance plans for purchase card coordinators have been updated and include more responsibility details on purchase card program oversight tasks. Oversight responsibilities are included in the program’s updated policies and procedures and will be implemented in the first quarter of FY 2018.

eDeposit and eCollections Strategy, 2014-PA-101, April 2015, Library Services, 1

To become more cost efficient and to ensure that eCollection activities are meeting the Library’s strategic business objectives, the Library needs an overarching, transformative eCollections Strategy for collecting electronic works that does the following: groups programs, projects, and other IT work together to facilitate effective portfolio management of activities related to collecting electronic works, including born-digital works; identifies the Library’s organizational priorities related to these programs and projects and other IT work, makes investment decisions, and allocates resources accordingly; and focuses on meeting common requirements that span across the Library’s service units—During the March 2017 semiannual period, LS reported that the Digital Collecting Plan was submitted to the Librarian in December 2016 and was subsequently approved in January 2017. During this semiannual period, the eCollections Steering Group was formally established and work has begun to develop and implement an overarching eCollections Strategy for the Library. The Digital Collecting Plan, which is limited in scope to actions directly involved with acquisitions and collecting, is a critical component of this work and the eCollections Steering Group will incorporate it, as appropriate, into the strategy being developed during FY 2018. The estimated completion date is the fourth quarter of FY 2018.

Prints and Photographs Division, 2014-PA-106, August 2016, Library Services, 5

Report summary: OIG audited the Prints and Photographs (P&P) Division’s administrative and accounting controls over its collection.

The Library and the P&P Division should conduct an assessment of the risks posed by the P&P Division’s growing arrearage and respond accordingly with a mitigation plan—The P&P Division completed an assessment of its arrearages in June 2017, as did the Manuscript Division, Music Division, Moving Image and Recorded Sound sections of the Motion Picture, Broadcasting and Recorded Sound Division, and the American Folklife Center. In August 2017, P&P drafted an arrearage mitigation plan. This plan is currently under review and will be finalized for delivery to the OIG in December 2017. The estimated completion date is the first quarter of FY 2018.

Prints and Photographs Division, 2014-PA-106, August 2016, Library Services, 7

The Library should provide the P&P Division’s arrearage data along with the Library’s other arrearage data in its Annual Reports to Congress—Library Services will add this arrearage to the FY 2017 annual report. The estimated completion date is the first quarter of FY 2018.

Implemented and Closed Recommendations [Footnote 5]

Table 3B: Significant Recommendations from Previous Semiannual Reports Which Were Implemented or Closed During This Period

Subject, Report No., Issue Date, Office, Rec. No., Summary, and Status of Recommendation

Weaknesses in the Acquisition Function, 2011-SP-106, March 2012, Office of the General Counsel, II.G.1

Report summary: OIG evaluated the Office of Contracts as a follow-up to a review completed in 2008. Recommendation: Develop directives that clearly set forth the policy and constraints for using LCR 2111—A training webinar is available on the Library’s Skillport website. Library of Congress Directive 7-211.1, which provides guidance on the factors necessary to establish an independent contractor relationship, has been issued.

Maturity of System Development Life Cycle Processes and Procedures, 2013-IT-105, February 2015, Office of the Chief Information Officer, 1

Recommendation: Issue a Library-wide policy that communicates the mandatory requirements of the SDLC process outlined in the existing Information Technology Services Project Management Guide to ensure consistent management of the Library’s IT projects—The PMO LCR describing the PMO’s role and responsibilities, which enforces the Library’s PMLC and SDLC methodologies, was signed by the Librarian in June 2017. OCIO also revised and issued PMLC and SDLC guidance in August 2017, which communicates the mandatory requirements of the PMLC and SDLC processes.

Maturity of System Development Life Cycle Processes and Procedures, 2013-IT-105, February 2015, Office of the Chief Information Officer, 5

Establish a central data repository with the EA and/or PMO to store all project artifacts, including cumulative cost and schedule data. In addition, periodically perform an internal and/or external inspection of the Library’s IT projects and update the EA repository with the results of the inspection if necessary—The PMO LCR describing the PMO’s role and responsibilities, which specifies that the PMO is responsible for establishing and maintaining a central data repository for project artifacts, was signed by the Librarian in June 2017. OCIO also revised and issued PMLC and SDLC guidance in August 2017, which communicates the process for conducting periodic inspection of the Library’s IT projects.

Maturity of System Development Life Cycle Processes and Procedures, 2013-IT-105, February 2015, Office of the Chief Information Officer, 6

Centralize the assessment of the Library’s IT portfolio with the PMO and prohibit the existing practice of service unit IT investment self-assessments—The draft PMO LCR describing the PMO’s role and responsibilities, which states that the PMO will conduct quarterly assessments of all major IT projects included in the Library’s IT Project Portfolio, was signed by the Librarian in June 2017.

Maturity of System Development Life Cycle Processes and Procedures, 2013-IT-105, February 2015, Office of the Chief Information Officer, 7

Revise LCR 1600 to clearly delineate ownership and stewardship of IT assets—The Librarian signed an LCR in May 2017 describing the Chief Information Officer (CIO)’s roles and responsibilities; it states that the CIO has responsibility across the agency over all aspects of managing the Library’s IT and digital strategies and resources. IT resources include all Library budgetary, personnel, equipment, and facilities resources and services that are primarily used for the management, operation, acquisition, disposition, and transformation or other activity related to the lifecycle of IT.

Design of Library-Wide Internal Controls for Tracking IT Investments, 2014-IT-101, March 2015, Office of the Chief Information Officer, I.1.A

Recommendation: Library policy documents (LCR 1600 and the Information Technology Steering Committee Charter) need to be updated with clear direction on members, roles, and responsibilities—The draft LCRs regarding the Information Resource Management, ITSC, ITIM, and ARB were signed by the Librarian in May and June 2017.

Design of Library-Wide Internal Controls for Tracking IT Investments, 2014-IT-101, March 2015, Office of the Chief Information Officer, I.1.B

Assign financial responsibility to the Chief Financial Officer (CFO) to strengthen accountability for enforcement of internal controls and linkage to the Library IT budget. Articulate the level and responsibilities of voting members from each service unit in the ITSC Charter. The Director of Strategic Planning should also be consulted to ensure that all IT capital investments have goals and that appropriate metrics have been defined—The ITSC LCR, which describes the CFO’s role, the responsibilities of ITSC voting members, and the participation of the Director of Strategic Planning and Performance Management (SPPM) with regard to the ITIM process, was signed by the Librarian in May 2017.

Design of Library-Wide Internal Controls for Tracking IT Investments, 2014-IT-101, March 2015, Office of the Chief Information Officer, I.2

The ITSC should report directly to the Chief of Staff or higher position. Clarify the roles and responsibilities of the Deputy Librarian/Chief of Staff in the ITSC policy/charter to strengthen ITSC oversight of IT investments—The ITIM LCR describing the role of the ITSC was signed by the Librarian in June 2017.

Design of Library-Wide Internal Controls for Tracking IT Investments, 2014-IT-101, March 2015, Office of the Chief Information Officer, I.3

Document the role and responsibilities of the CIO in the ITSC Charter. Restrict or eliminate the delegation of CIO responsibilities with respect to ITSC activities—The ITIM LCR describing the role and responsibilities of the CIO on the ITSC was signed by the Librarian in June 2017.

Design of Library-Wide Internal Controls for Tracking IT Investments, 2014-IT-101, March 2015, Office of the Chief Information Officer, II.1.B

Research cost effectiveness of using the General Services Administration-managed eCPIC tools as a method for institutionalizing capital planning activities—OCIO performed an analysis of the eCPIC tool as a method for institutionalizing capital planning activities and determined that an investment in eCPIC was not the most efficient use of resources at this time. Rather, the requirements for an ITIM solution are being evaluated as part of a larger Library-wide initiative to identify potential opportunities for the consolidation and systematic integration of financial and strategic planning workflows, performance management and reporting processes, and supporting automation tools across the Library. This was an initiative cosponsored by the CIO and CFO.

Design of Library-Wide Internal Controls for Tracking IT Investments, 2014-IT-101, March 2015, Office of the Chief Information Officer, II.3.A

Document roles for the CFO, Budget Officer, and Director of Grants and Contracts Management in the development of the ITSC Charter and LCR 1600 (guidance documentation) in the Library's technology investment process—The ITIM LCR, which describes the CFO and the Director of Contracts and Grants Management’s roles and participation in the ITIM process, was signed by the Librarian of Congress in May 2017.

Design of Library-Wide Internal Controls for Tracking IT Investments, 2014-IT-101, March 2015, Office of the Chief Information Officer, II.3.B

Improve internal budget/project communications and training on how to develop, capture, and report project costs uniformly across the service units—The PMO LCR describing the PMO’s role and responsibilities, which enforces the Library’s PMLC and SDLC methodologies, was signed by the Librarian in June 2017. In conjunction, OCIO has revised and issued the PMLC and SDLC guidance in August 2017, which includes how to develop, capture, and report estimated project costs uniformly across the service units for Library-wide usage.

Design of Library-Wide Internal Controls for Tracking IT Investments, 2014-IT-101, March 2015, Office of the Chief Information Officer, III.2.A

Appoint a permanent CIO responsible for IT investments, along with ensuring that Office of Management and Budget (OMB) Exhibit 300-type information is included in budget requests for IT investments—The ITSC LCR, which states that the CIO is the Chair of the ITSC, was signed by the Librarian in May 2017. This LCR also describes the responsibilities of the ITSC members regarding the ITIM process.

Design of Library-Wide Internal Controls for Tracking IT Investments, 2014-IT-101, March 2015, Office of the Chief Information Officer, III.2.B

Adopt aspects of H.R. 1232 "Federal Information Technology Acquisition Reform Act" (FITARA) -- a bill passed by the House of Representatives -- that would have increased the power of existing Chief Information Officers within federal agencies so that they could be more effective. Each agency would also be reduced to having only one CIO in the agency, who is then responsible for the success and failure of all IT projects in that agency—The OCIO LCR, which was written using aspects of FITARA in order for the OCIO to be more effective, was signed by the Librarian of Congress in May 2017. The Librarian also issued a directive in the fall of 2016 to centralize all IT activities within OCIO. This included the directive for all agency senior IT staff to report to the CIO or Deputy CIO.

Design of Library-Wide Internal Controls for Tracking IT Investments, 2014-IT-101, March 2015, Office of the Chief Information Officer, IV.1.A

The CFO (or higher) should ensure that the ITIM process is followed by all service units—The draft ITIM LCR which describes the ITIM process, including the service units’ responsibilities and requirements, was signed by the Librarian in June 2017. The LCR requires service units to follow the ITIM process; service units have been following the ITIM process since FY 2016.

Design of Library-Wide Internal Controls for Tracking IT Investments, 2014-IT-101, March 2015, Office of the Chief Information Officer, V.2.B

Include the OCFO review of costs (in summary form) before approval of a new project, and at major checkpoints (milestones) throughout the project life cycle—The Librarian signed in May 2017 the ITSC LCR describing the CFO’s role; it strengthened the linkages between IT management, strategic financial planning and financial controls, and financial management.

Design of Library-Wide Internal Controls for Tracking IT Investments, 2014-IT-101, March 2015, Office of the Chief Information Officer, VI.2

Document the role of the Strategic Planning Officer in the ITSC process to ensure a synchronized planning cycle. Develop a process for proper timing of strategic planning for investments (early) and a direct tie-in between strategic plans and the ITSC process—The ITSC LCR, which describes the roles and responsibilities of the Director of SPPM in the ITSC process to ensure a synchronized planning cycle, was signed by the Librarian in May 2017.

Design of Library-Wide Internal Controls for Tracking IT Investments, 2014-IT-101, March 2015, Office of the Chief Information Officer, VI.3.A

Document a needed linkage between ITSC and the SPO; including roles and responsibilities throughout the ITSC life cycle—The draft ITSC LCR, which describes the Director of SPPM role and responsibilities on the ITSC Committee, was signed by the Librarian in May 2017.

Design of Library-Wide Internal Controls for Tracking IT Investments, 2014-IT-101, March 2015, Office of the Chief Information Officer, VI.3.B

Implement a portfolio process, similar to OMB Exhibit 53—OCIO has constructed an IT investment portfolio framework that is modeled after the OMB Exhibit 53 process and incorporates OCIO’s implementation of the TBM model to provide transparency into IT spending across the Library. This portfolio process has been implemented as part of FY 2018 IT investment planning. The portfolio process is a collaborative effort between those who own business requirements with technology implications within the Library’s service units and those within OCIO who are responsible for the delivery of a particular TBM IT tower. The portfolio process is intended to capture the total ask for the fiscal year while providing sufficient granularity in order to identify areas that are driving IT costs, particularly for operations and maintenance (O&M) costs and capture both pay and non-pay estimates at the life cycle phase (Planning, O&M, etc.) level of granularity. This portfolio process will provide the data to support funding prioritization recommendations as well as help to identify those instances where putting forward a New and Expanded Funding Request would be appropriate.

Design of Library-Wide Internal Controls for Tracking IT Investments, 2014-IT-101, March 2015, Office of the Chief Information Officer, VII.1.B

The Chief of Staff should take steps to update the Library’s existing information resource management, ITIM, and EA policies and practices. These existing standards need to be updated with lessons learned or improvements that are aligned with the Library's evolving strategic plan and leading or best practices—The draft ITIM, IRM, and EA LCRs, which link the Library’s practices and policies to the Library’s Strategic Plan, were signed by the Librarian in May and June 2017.

Design of Library-Wide Internal Controls for Tracking IT Investments, 2014-IT-101, March 2015, Office of the Chief Information Officer, VII.2.A

The CIO should champion a best practice governance methodology to build awareness and understanding of best practices in the areas of IT management and program governance—The IRM LCR recognizes the benefits of centralized control and agency-wide coordination of IT resources and activities, and adopts government or industry practices and policies that assist in accomplishing the Library’s goals. The draft OCIO LCR establishes the CIO’s role as a champion of best practice governance methodology. Both LCRs were signed by the Librarian in May 2017.

Purchase Card Program, 2015-PA-102, March 2017, Office of the Chief Financial Officer, 1

The Program Coordinator should develop and implement updated and accurate policies and procedures, including updated training requirements, for the purchase card program—Library of Congress Directive 7-220.1, Government Purchase Card, has been updated and issued. Updated training requirements have been included in the revised purchase card directive. Purchase card pilot training was conducted on July 20, 2017. Feedback from participants will be incorporated in the guide.

Purchase Card Program, 2015-PA-102, March 2017, Office of the Chief Financial Officer, 3

The Program Coordinator should establish trainings for cardholders and approving officials on those internal controls they are required to uphold—Training materials for Momentum sessions were updated in August 2017.

Purchase Card Program, 2015-PA-102, March 2017, Office of the Chief Financial Officer, 5

The Program Coordinator should reexamine its Expert Monitoring System (EMS) rules and update them to more effectively detect improper transactions—EMS rules were reviewed and updated in February 2017.

Purchase Card Program, 2015-PA-102, March 2017, Office of the Chief Financial Officer, 6

The Program Coordinator should establish procedures for the effective usage of EMS and outline them in the program’s updated policies and procedures—Procedures have been created that include guidance for the use of EMS.

Purchase Card Program, 2015-PA-102, March 2017, Office of the Chief Financial Officer, 7

OCFO management should establish expectations and hold purchase card program personnel accountable for routinely enforcing the program’s internal controls and requirements as stated in updated policies and procedures—Performance plans for purchase card program coordinators were updated in May 2017 and include more details on responsibilities associated with purchase card program oversight tasks. The updated plans also include specific performance requirements for those responsibilities.

Prints and Photographs Division, 2014-PA-106, August 2016, Library Services, 6

The Library should examine its strategic plan (e.g., the plan’s objectives and performance measures), policies, procedures, and other parts of its internal control system to determine whether Library-wide controls adequately respond to the risks posed by arrearage, including establishing a sustainable level of arrearage—The second, third, and fourth quarter milestones for the Arrearage Reduction Annual Performance Goal were all successfully met. Library Services has determined that the best remedy to the risks posed by arrearage is to process the backlogs of special format collections and reduce the Library’s arrearage to a sustainable 10% of total collections by 2028. Current physical security measures will remain in place to protect collections while they are unprocessed.

During this semiannual period, Arrearage Assessment Team (AAT) members reviewed the 1989 report “Unprocessed Arrearages of the Library of Congress” and other subsequently-reported data as the starting point for validating and revising definitions, and reviewing current physical, preservation, and inventory control measures in order to develop the survey instrument to facilitate measurement of special format arrearages. In May, the arrearage survey instrument and category descriptions were finalized, and the formal survey of special format arrearages was conducted May 19 - June 2, 2017. A preliminary draft report was submitted to the Director for Collections and Services in late June, and the final report was submitted to the Associate Librarian for Library Services on September 29, 2017.

Funds Questioned or Put to Better Use

Table 4: FY 2002-Present Funds Questioned or Put to Better Use

Funds Questioned and Put to Better Use Ratio: 2.29:1

Funds Questioned and Put to Better Use to OIG Discretionary Budget [Footnote 6]: $74,549,355

TABLE 5: FY 2017 Audits with Recommendations for Better Use of Funds

(1) Number of Audit Reports and (2) Total Funds Put to Better Use

No management decision was made by the start of the period: (1) - (2) -

Issued during the period: (1) - (2) -

In need of management decision during the period: (1) - (2) -

Management decision made during the reporting period:

Value of recommendations agreed to by management: (1) - (2) -

Value of recommendations not agreed to by management: (1) - (2) -

No management decision made by the end of the reporting period:

Less than six months old: (1) - (2) -

More than six months old: (1) - (2) -

TABLE 6: FY 2017 Audits with Questioned Costs

(1) Number of Audit Reports and (2) Total Questioned Costs (3) Unsupported Costs

No management decision made by the start of the period: (1) - (2) - (3) -

Issued during the period: (1) - (2) - (3) -

In need of management decision during the period: (1) - (2) - (3) -

Management decision made during the reporting period:

Value of recommendations agreed to by management: (1) - (2) - (3) -

Value of recommendations not agreed to by management: (1) - (2) - (3) -

No management decision made by the end of the reporting period:

Less than six months old: (1) - (2) - (3) -

More than six months old: (1) - (2) - (3) -

Instances of the Library Refusing to Provide Information or Assistance or Interfering with OIG’s Independence

During the reporting period, there were no instances in which the Library refused to provide information or assistance or interfered with OIG’s independence.

Status of Reports or Recommendations–(1) for which no management decision was made and/or (2) for which no management comment was made within 60 days

During the reporting period, there were no reports or recommendations more than six months old without management decisions. There were also no reports or recommendations for which no management comment was made within 60 days.

Significant Revised Management Decisions

There were no significant revised management decisions during the reporting period.

Significant Management Decisions with Which OIG Disagrees

There were no significant management decisions with which we disagreed during the reporting period.

Instances in Which an Inspection, Evaluation, or Audit was Completed and Not Disclosed to the Public

There were no instances during the reporting period in which we completed an inspection, evaluation, or audit without disclosing it to the public. All such products are listed on our website at www.loc.gov/about/oig.

Peer Review Reporting

On March 31, 2016, OIG’s audit division was the subject of a Council of the Inspectors General on Integrity and Efficiency (CIGIE) peer review by the Peace Corps OIG. The audit division obtains a CIGIE external peer review at least once every three years. Peace Corps OIG concluded that the audit division’s system of quality control has been suitably designed and complied with to provide reasonable assurance of conforming with applicable professional standards in all material respects. Accordingly, the Peace Corps OIG provided a “pass” rating and no recommendations were made. The audit division does not have any outstanding recommendations from a peer review.

OIG did not conduct a peer review of another audit organization during this reporting period. OIG completed its last peer review of the Corporation for National Community Service OIG in April 2016. OIG did not make any recommendations in the peer review and does not have any outstanding recommendations from past peer reviews conducted of other audit organizations.

OIG Organizational Chart

  • Inspector General, Kurt W. Hyde, CPA
  • Deputy Inspector General, John Mech, CPA
  • Assistant Inspector General for Audits, Eric Mader
  • Counsel to the Inspector General, Deborah Lehrich
  • Director of IT Audit, Stephen Gilbride, CIA, CISA, CRISC, CGFM
  • Senior Auditor, Walter Obando, CIA, CISA
  • Management Analyst, Sarah Sullivan
  • 2 vacant auditor positions
  • Acting Assistant Inspector General for Investigations, Lester Davis
  • Special Agent, Johnny Rivera
  • Management Analyst, Michael Peters, SCERS
  • 1 vacant Special Agent position
  • Administrative Officer, Sheetal Gupta

INSPECTOR GENERAL HOTLINE

HELP PROMOTE INTEGRITY, ECONOMY, AND EFFICIENCY

REPORT SUSPECTED FRAUD, WASTE, ABUSE, OR MISMANAGEMENT

COMPLAINTS MAY BE MADE ANONYMOUSLY

INSPECTOR GENERAL
LIBRARY OF CONGRESS
101 INDEPENDENCE AVENUE S.E.
LM-630
WASHINGTON, DC 20540-1060

FAX NUMBER: (202) 707-6032
HOTLINE FORM: http://www.loc.gov/about/office-of-the-inspector-general/contact-us/

Office of the Inspector General
101 Independence Avenue SE
Washington, DC 20540-1060
Telephone 202.707.6314 Fax 202.707.6032
www.loc.gov/about/oig/

Footnotes:

  1. The Library Needs to Determine an eDeposit and eCollections Strategy, 2014-PA-101, April 2015.
  2. Ongoing Weaknesses in the Acquisition Function Require a Senior Management Solution, 2011-SP-106, March 2012.
  3. GAO-05-218G, September 2005.
  4. These status updates are management assertions and have not been audited.
  5. These status updates are management assertions and have not been audited.
  6. Total budget minus (1) unreimbursed cost of mandatory financial statement audits, including the cost of OIG staff to oversee financial statement activity, and (2) any unobligated funds returned to the Library for resource reallocation.