The push to get the DoE's Office of Energy Efficient and Renewable Energy's "Integrated Resource and Information System" project — or IRIS — started is riddled with issues, the audit found.
The office, called EERE, put forth this singular IT system to replace 119 existing ones.
Doing so, with 12 new "modules," would "streamline its business processes and enhance communications among employees," the audit said.
Despite spending more than $7 million as of this month — the project started in October 2012 — the IG's office found numerous practices impeding the project.
EERE officials, for example, failed to put together a "project execution plan." The plan would have contained pieces essential to making sure the project was going smoothly, such as its total cost, a detailed schedule of implementation and a summary of its advantages.
In addition, as required by law, EERE officials did not make sure the IRIS efforts were supported by Office of Management and Budget guidelines.
EERE officials were also able to dodge following DoE's Capital Planning Investment Control process — a process designed to ensure IT investments "integrate strategic planning, budgeting, procurement and management," according to the audit.
Officials were able to do so by saying the "life-cycle cost" would not exceed $25 million, despite not having come up with such a cost estimate. Estimates now show that in just the first four years of the project, costs will be around $15 million.
Furthermore, when justifying the choice of a software vendor — which was a sole source contract — EERE officials estimated labor costs would be $2.75 million to make the 12 modules. However, the IG found officials went against the original software module plan in order to "customize" it to fulfill user requests.
This plan change cost $3.6 million instead, and to date, the IG found only three of the 12 planned modules have been "placed into operation."
"Program officials did not ensure that basic security controls were implemented such as the development and testing of system security plans," the audit also found.
Finally, the IG found that work culture and office morale both hurt the program.
Employees said they were "discouraged from providing constructive feedback to management" and "pressured not to cooperate with the OIG" for fear of management retaliation.
"We cannot determine with certainty whether we had full access to the full range of critical project information," the audit said.
The IG concluded there is a high risk of "cost overruns and schedule delays," among other risks, as the shortcomings in the project continue to pile up.