"Not only was a large volume (11 out of 47 systems) of OPM's IT systems operating without a valid Authorization, but several of these systems are among the most critical and sensitive applications owned by the agency, " MichaelEsser, OPM's assistant inspector general for audits, wrote in testimony prepared for committee.