[House Hearing, 112 Congress]
[From the U.S. Government Printing Office]
BUILDING ONE DHS: WHY CAN'T MANAGEMENT INFORMATION BE INTEGRATED?
=======================================================================
HEARING
before the
SUBCOMMITTEE ON OVERSIGHT,
INVESTIGATIONS, AND MANAGEMENT
of the
COMMITTEE ON HOMELAND SECURITY
HOUSE OF REPRESENTATIVES
ONE HUNDRED TWELFTH CONGRESS
SECOND SESSION
__________
MARCH 1, 2012
__________
Serial No. 112-72
__________
Printed for the use of the Committee on Homeland Security
Available via the World Wide Web: http://www.gpo.gov/fdsys/
__________
U.S. GOVERNMENT PRINTING OFFICE
76-599 PDF WASHINGTON : 2013
-----------------------------------------------------------------------
COMMITTEE ON HOMELAND SECURITY
Peter T. King, New York, Chairman
Lamar Smith, Texas Bennie G. Thompson, Mississippi
Daniel E. Lungren, California Loretta Sanchez, California
Mike Rogers, Alabama Sheila Jackson Lee, Texas
Michael T. McCaul, Texas Henry Cuellar, Texas
Gus M. Bilirakis, Florida Yvette D. Clarke, New York
Paul C. Broun, Georgia Laura Richardson, California
Candice S. Miller, Michigan Danny K. Davis, Illinois
Tim Walberg, Michigan Brian Higgins, New York
Chip Cravaack, Minnesota Cedric L. Richmond, Louisiana
Joe Walsh, Illinois Hansen Clarke, Michigan
Patrick Meehan, Pennsylvania William R. Keating, Massachusetts
Ben Quayle, Arizona Kathleen C. Hochul, New York
Scott Rigell, Virginia Janice Hahn, California
Billy Long, Missouri Vacancy
Jeff Duncan, South Carolina
Tom Marino, Pennsylvania
Blake Farenthold, Texas
Robert L. Turner, New York
Michael J. Russell, Staff Director/Chief Counsel
Kerry Ann Watkins, Senior Policy Director
Michael S. Twinchek, Chief Clerk
I. Lanier Avant, Minority Staff Director
------
SUBCOMMITTEE ON OVERSIGHT, INVESTIGATIONS, AND MANAGEMENT
Michael T. McCaul, Texas, Chairman
Gus M. Bilirakis, Florida William R. Keating, Massachusetts
Billy Long, Missouri, Vice Chair Yvette D. Clarke, New York
Jeff Duncan, South Carolina Danny K. Davis, Illinois
Tom Marino, Pennsylvania Bennie G. Thompson, Mississippi (Ex Officio)
Peter T. King, New York (Ex Officio)
Dr. R. Nick Palarino, Staff Director
Diana Bergwin, Subcommittee Clerk
Tamla Scott, Minority Subcommittee Director
C O N T E N T S
----------
Statements
The Honorable Michael T. McCaul, a Representative in Congress
From the State of Texas, and Chairman, Subcommittee on
Oversight, Investigations, and Management:
  Oral Statement
  Prepared Statement
The Honorable William R. Keating, a Representative in Congress
From the State of Massachusetts, and Ranking Member,
Subcommittee on Oversight, Investigations, and Management
The Honorable Bennie G. Thompson, a Representative in Congress
From the State of Mississippi, and Ranking Member, Committee on
Homeland Security:
  Prepared Statement
Witnesses
Mr. Rafael Borras, Under Secretary for Management, U.S.
Department of Homeland Security:
  Oral Statement
  Prepared Statement
Mr. David C. Maurer, Director, Homeland Security and Justice
Team, Government Accountability Office:
  Oral Statement
  Prepared Statement
Mr. Charles K. Edwards, Acting Inspector General, U.S. Department
of Homeland Security:
  Oral Statement
  Prepared Statement
Appendix
Questions Submitted by Chairman Michael T. McCaul for Rafael
Borras
Questions Submitted by Chairman Michael T. McCaul for David C.
Maurer
Questions Submitted by Ranking Member William R. Keating for
David C. Maurer
Questions Submitted by Chairman Michael T. McCaul for Charles K.
Edwards
Questions Submitted by Ranking Member William R. Keating for
Charles K. Edwards
BUILDING ONE DHS: WHY CAN'T MANAGEMENT INFORMATION BE INTEGRATED?
----------
Thursday, March 1, 2012
U.S. House of Representatives,
Subcommittee on Oversight, Investigations, and
Management,
Committee on Homeland Security,
Washington, DC.
The subcommittee met, pursuant to call, at 9:30 a.m., in
Room 311, Cannon House Office Building, Hon. Michael T. McCaul
[Chairman of the subcommittee] presiding.
Present: Representatives McCaul, Marino, Keating, and
Davis.
Mr. McCaul. The committee will come to order.
First, I would like to acknowledge the Coast Guard
announced that one of its helicopters with four crewmen aboard
crashed during a training mission in the vicinity of Mobile Bay
in the Gulf of Mexico Tuesday night.
We lost one crew member and search-and-rescue efforts are
on-going for the others. So our hearts and thoughts and prayers
go out to the families of these brave men and women.
Let me thank the witnesses for being here today. I now
recognize myself for an opening statement. This hearing is a
second in the series of oversight hearings examining the extent
to which the Department of Homeland Security has made progress
building a more cohesive, efficient, and integrated One DHS, a
department that can effectively thwart terrorist attacks by
protecting air travelers, securing our borders, and enforcing
our immigration laws.
According to House Rules, each standing committee of the
Congress must hold an oversight hearing on an issue the
Government Accountability Office has deemed high-risk for
waste, fraud, and mismanagement, and this is one of those
hearings. After nearly a decade, DHS's failure to integrate its
management practices remains on the GAO's high-risk list.
Stovepiped management information systems continue to plague
DHS with mismanagement, redundancies, and duplication and
inefficient use of resources that has increased costs within
the Department and bungled the implementation of security
operations.
According to the GAO, as of December 2011, DHS has fully
addressed only two out of the 31 key actions and outcomes
required to be removed from the high-risk list for implementing
and transforming DHS. Although Secretary Napolitano has said
she wants to build a more cohesive DHS, without integration and
consolidation of management functions, a One DHS will not
happen. Equally important, taxpayer dollars will be wasted and
security objectives will not be met. Unfortunately, there have
been too many examples where DHS has failed at developing and
acquiring new technologies to address the various threats to
the homeland, including border surveillance, screening
equipment, and nuclear detection equipment.
SBInet is one example where the Secretary ended the
original program after costing taxpayers nearly $1 billion to
monitor only 53 miles of the Southwest Border. SBInet failed
due to the lack of effective program management, poorly defined
requirements, inaccurate cost estimates, and limited access to
expert guidance and unavailable and unreliable performance data
to make informed decisions.
The advanced spectroscopic portal program, or ASP, designed
to improve radiation and nuclear detection capabilities at our
seaports and land border crossings is another example where
inaccurate data and poor acquisition management resulted in
underestimated cost and overstated benefits.
DHS spent $230 million on the program before it was
cancelled. Recognizing the inherent risk of acquisitions, it is
essential that the Department effectively leverage best
practices, institutionalize clear governing rules and processes
and enable greater visibility of acquisition programs so
immediate action can be taken when a program begins to
experience schedule delays and cost overruns.
GAO defines management and integration as the development
of consistent and consolidated processes, systems, and people
in areas such as information technology, financial management,
acquisition, and human capital that lead directly to greater
efficiency and effectiveness of management in programs. It is
essential that the integration not be limited just within each
individual management function but also be integrated
horizontally across all core management functions of the
Department.
Without full integration, inconsistent reporting
requirements and varying definitions for cost estimations
across the Department can create inaccurate reports on a
program's true cost. The lack of integrated and consolidated
core management functions, something that is required to
effectively run any large organization, has resulted in
manually-intensive data entry on Excel spreadsheets and data
calls to prepare financial statements.
I have a tough time understanding how Americans can
seamlessly sign into their checking accounts on-line to check
their balances, yet DHS is unable to produce reliable, timely,
and useful financial information on where it is spending
billions of taxpayer dollars. Being unable to fully monitor
expenditures of billions of dollars is unacceptable, and the
American people deserve better.
At a time of reduced Federal budgets, the American people
expect greater transparency on how Washington manages limited
resources. Industry has demonstrated through mergers and
acquisitions, management information integration can be
accomplished effectively. Without it, it is impossible for any
manager, either Government or private corporation, to conduct
oversight, improve inefficiencies, and prevent duplicative
programs.
According to the GAO, DHS continues to face challenges
implementing its human capital strategic plan. DHS lacks an
integrated human resource information technology, or HRIT,
management system to track workforce information critical to
human resource planning. For example, the Federal Protective
Service has yet to implement a human capital plan to track and
report hiring, training, and retention programs.
DHS's failure to address these basic management integration
challenges is hindering our ability to provide the required
training, equipment, and information to men and women working
to protect the United States' homeland.
GAO states some progress has been made in the area of
management integration by instituting a decision support tool
to monitor acquisitions and a Center of Excellence to share
best practices throughout the Department. However, GAO also
says considerable work lies ahead addressing the issue of
management integration. I look forward to receiving the
testimony today on what the Department is doing to ensure that
management integration issues will not continue to get in the
way of the Department's need to carry out its mission of
protecting the American people and saving taxpayer dollars.
With that, I will recognize the Ranking Member of the
subcommittee, Mr. Keating.
[The statement of Mr. McCaul follows:]
Statement of Chairman Michael T. McCaul
March 1, 2012
This hearing is the second in a series of oversight hearings to
examine the extent to which the Department of Homeland Security has
made progress building a more cohesive, efficient, and integrated ``One
DHS''--a Department that can effectively thwart terrorist attacks by
protecting air travelers, securing our borders, and enforcing our
immigration laws.
According to House Rules, each standing Committee of the Congress
must hold an oversight hearing on an issue the Government
Accountability Office has deemed high-risk for waste, fraud, and
mismanagement.
After nearly a decade, DHS's failure to integrate its management
practices remains on the GAO's High-Risk list.
Stove-piped management information systems continue to plague DHS
with mismanagement, redundancies, and duplication, and inefficient use
of resources that has increased costs within the Department and bungled
the implementation of security operations.
According to GAO, as of December 2011 DHS has fully addressed only
2 out of 31 key actions and outcomes required to be removed from the
high-risk list for ``Implementing and Transforming DHS.''
Although Secretary Napolitano has said she wants to build a more
cohesive, effective, and efficient ``One DHS,'' without integration and
consolidation of management functions, a ``One DHS'' will not happen;
and equally important, taxpayer dollars will be wasted and security
objectives will not be met.
Unfortunately there have been too many examples where DHS has
failed at developing and acquiring new technologies to address the
various threats to the homeland including border surveillance,
screening equipment, and nuclear detection equipment.
SBInet is one example where the Secretary ended the original
program after costing taxpayers nearly $1 billion to monitor only 53
miles of the Southwest Border.
SBInet failed due to the lack of effective program management,
poorly defined program requirements, inaccurate cost estimations,
limited access to expert guidance, and unavailable and unreliable
performance data to make informative decisions.
The Advanced Spectroscopic Portal Program, or ASP, designed to
improve radiation and nuclear detection capabilities at our seaports
and land border crossings is another example where inaccurate data and
poor acquisition management resulted in underestimated costs and
overstated benefits. DHS spent $230 million on the program before it
was cancelled.
Recognizing the inherent risks of acquisitions, it is essential that
the Department effectively leverage best practices, institutionalize
clear governing roles and processes, and enable greater visibility of
acquisition programs so immediate action can be taken when a program
begins to experience schedule delays and/or cost overruns.
GAO defines management integration as the development of consistent
and consolidated processes, systems, and people--in areas such as
information technology, financial management, acquisition, and human
capital--that lead directly to greater efficiency and effectiveness of
management and programs.
It is essential that integration not be limited just within each
individual management function, but also be integrated horizontally
across all core management functions of the Department.
Without full integration, inconsistent reporting requirements and
varying definitions for cost estimations across the Department can
create inaccurate reports on a program's true cost.
The lack of integrated and consolidated core management functions,
something that's required to effectively run any large organization,
has resulted in manually-intensive data entry on Excel spreadsheets and
``data calls'' to prepare financial statements.
I have a tough time understanding how Americans can seamlessly sign
into their checking accounts on-line to check their balances yet DHS is
unable to produce reliable, timely, and useful financial information on
where it's spending billions of taxpayer dollars.
Being unable to fully monitor expenditures of billions of dollars
is unacceptable. The American people deserve better.
At a time of reduced Federal budgets, the American people expect
greater transparency on how Washington manages limited resources.
Industry has demonstrated, through mergers and acquisitions,
management information integration can be accomplished effectively.
Without it, it is impossible for any manager, either Government or
private corporation, to conduct oversight, improve efficiencies, and
prevent duplicative programs.
According to GAO, DHS continues to face challenges implementing its
Human Capital Strategic Plan. DHS lacks an integrated Human Resource
Information Technology, or HRIT management system to track workforce
information critical to human resource planning.
For example, the Federal Protective Service has yet to implement a
human capital plan to track and report hiring, training, and retention
programs.
DHS' failure to address these basic management integration
challenges is second-handedly hindering our ability to provide the
required training, equipment, and information to men and women working
to protect the U.S. homeland.
GAO states some progress has been made in the area of management
integration by instituting a decision support tool to monitor
acquisitions and a Center of Excellence to share best practices
throughout the Department. However GAO also says considerable work lies
ahead addressing the issue of management integration.
I look forward to receiving testimony today on what the Department
is doing to ensure that management integration issues will not continue
to get in the way of the Department's need to carry out its mission of
protecting the American people, and saving taxpayer dollars.
Mr. Keating. Thank you, Mr. Chairman.
Earlier this year, we had the opportunity to go back 10
years and look at the 9/11 Commission report. I would just like
to mention at the outset that one of the gaping holes that was
called into question dealing with not having an integrated
block so the public safety people at all levels can talk to
each other has been addressed since then. We have the passage
of the 700 megahertz dedicated to that that will save lives
should we face another natural disaster or a terrorist attack,
and the so-called D Block is there, and it is worth noting we
have made some progress on that since we had a hearing that
emphasized that earlier this year.
I also want to thank the panelists for being here.
Under Secretary Borras, it is great to see you again.
The Department of Homeland Security is one agency formed
with 22 other legacy agencies. Legacy is worth mentioning
because it is part of the problem we still are grasping trying
to deal with today as we look for integration. There is no
secret that since the Department's inception in 2003, that its
unique history has caused DHS officials, particularly the
management division, to face multiple challenges in building
One DHS.
The Government Accountability Office subsequently
categorized the Department's transformation efforts as high-risk
because of the economic and National security implications
dealing with this kind of integration.
To address this designation, the Department provided the
Government Accountability Office with its integrated strategy
for high-risk management and has issued updates of the strategy
in June and December 2011, identifying the causes of its
management challenges.
I appreciate the Department's efforts to further
consolidate these efforts, but with approximately $60 billion
in budgetary authority and over 200,000 in personnel, the need
is greater than ever for the Department to mature into a
cohesive organization with streamlined management functions and
operations with the capacity to fulfill its homeland security
missions.
The Government Accountability Office has issued upwards of
100 recommendations since 2003 to assist the Department in
shoring up its management integration initiatives. In an
increasingly strained budget climate, it is imperative that the
Department move to implement these recommendations with all
deliberate speed. It is no longer sufficient for the Department
to just develop plans and processes. It is a time to execute
and build on the foundation that has been established in the
interest of National security.
In the last Congress, the Department suffered considerable
funding and staff reductions, yet progress has been made by
Under Secretary for Management Borras in advancing key
management initiatives that have the potential to redirect
management functions and operations. Notably, for the first
time, the Department received a qualified opinion on its
financial statements in fiscal year 2011.
Now the Department must build on this milestone by
accelerating the complete implementation of initiatives to
stabilize its internal controls and to modernize its management
of financial management. Acquisition, management, and human
capital information technology also have to accelerate in terms
of their management capabilities. To succeed in achieving
management integration, Under Secretary Borras needs sufficient
enforcement authority to ensure the Department's many component
agency heads and personnel are able to carry out the mandates
for changing how business is conducted. Also, the Under
Secretary and senior leaders must ensure that they secure the
cooperation of component agency personnel if they are to
succeed in implementation of their agenda for achieving
management integration.
With that, I look forward to today's hearing and the
testimony. I yield back my time.
Mr. McCaul. I thank the Ranking Member.
With that, I will introduce the witnesses. We have votes
around 10:15, so if we can make those opening statements
concise so the Members can ask questions and we can hopefully
be done before the votes occur.
First, Mr. Rafael Borras is the Under Secretary for
Management and Chief Acquisitions Officer for the Department.
He oversees management of the Department's nearly $40 billion
budget, the appropriations, expenditures of funds, accounting,
and finance. He administers control over the Department's $17
billion in procurements. He is also responsible for directing
human capital and personnel programs for the employees.
Next, we have Mr. David Maurer, who is the director with
the U.S. Government Accountability Office, Homeland Security
and Justice Team, where he leads GAO's work reviewing DHS and
the Department of Justice management issues. His recent work in
these areas includes management integration, examination of the
Quadrennial Homeland Security Review, Secret Service financial
management, DOJ grant management, the Federal Prison System,
and others.
One final witness is Mr. Charles Edwards, the Acting
Inspector General of the Department of Homeland Security. He
assumed his position in February 2011. He served previously as
a Deputy Inspector General of the Department of Homeland
Security and has 20 years of experience in the Federal
Government and has held several leadership positions.
Other committee Members may have statements and they will
be included for the record.
[The statement of Ranking Member Thompson follows:]
Statement of Ranking Member Bennie G. Thompson
March 1, 2012
I would first like to thank Chairman McCaul for convening this
hearing.
We are here today to discuss the integration of the Department of
Homeland Security's (Department) management functions and examine
whether there is room for improvement.
When the Department was created in 2002, it was the largest
reorganization and consolidation of Government agencies, personnel,
programs, and operations since the creation of the Department of
Defense in 1949, some 53 years earlier.
Twenty-two different agencies, many with management challenges of
their own, were combined into one.
These agencies brought with them aged financial management systems,
cumbersome acquisition policies, and inconsistent human capital
policies.
Since that time, the Department has made efforts to build these
disparate operations into one seamless system so that the thousands of
men and women that work every day to secure our Nation will have the
proper administrative and management functions they need to operate on
a daily basis.
When FEMA enters into a contract with a vendor for one amount, and
then CBP enters into a contract with the same vendor for the same
product for a different amount, that's a problem. If those contracts
were combined, money could be saved.
When a TSA human resources manager has to log out and log into
three different systems to determine: (1) Time and attendance records;
(2) current salary; and (3) training attendance for one employee,
that's a problem. Combining these systems into one can save time,
reduce errors, and streamline bureaucracy.
When an employee that works for the Chief Financial Officer has a
meeting with an employee that works for the Chief Information Officer
and has to travel 30 minutes to get to the meeting location, that's a
problem. Consolidating the Department's headquarters into one location
will reduce costs, travel time, and create a more harmonious
environment among the Department's personnel.
Fortunately, as reflected by the President's fiscal year 2013
budget request, the Department has come a long way in streamlining its
efforts and under new initiatives intends to go even further.
The new Human Resource Information Technology program, in addition
to plans to finalize existing Data Center consolidation efforts, and
the new strategy for financial modernization are all steps in the right
direction.
If fully funded, these programs will go a long way in improving the
Department's integration efforts.
I look forward to hearing testimony from Under Secretary Borras on
additional Department plans and strategies and from our witnesses from
the Government Accountability Office and the Office of the Inspector
General on improvements that have been made in the last 3 years and
recommendations for future progress.
I yield back the balance of my time.
Mr. McCaul. With that, I now recognize Mr. Borras for his
opening statement.
STATEMENT OF RAFAEL BORRAS, UNDER SECRETARY FOR MANAGEMENT,
U.S. DEPARTMENT OF HOMELAND SECURITY
Mr. Borras. Thank you, Mr. Chairman, Ranking Member Keating
and the other distinguished Members of the committee. Thank you
for the opportunity to appear before you today.
Also, Mr. Chairman, thank you for acknowledging the loss of
our brave Coast Guard servicemen who lost their lives not quite
36 hours ago in a training mission in the Mobile area.
One of my top priorities during my tenure as Under
Secretary for Management has been to improve the way we
collect, store, and manage and use information across the
Department. When I arrived at the Department almost 2 years
ago, I was frustrated with the time and effort needed to access
the necessary information to facilitate responsible decision
making in a multibillion dollar enterprise. In my private-sector
experience, I was accustomed to having essential
financial information at my fingertips to support my
decision-making responsibilities.
While significant progress has been made to leverage
business intelligence and integrate disparate processes and
systems to improve our decision-making abilities, we still have
not reached a fully integrated operational state. However, we
have made very important progress during the past 2 years. I am
especially proud of the progress we made to enhance how we have
managed information in three key areas: acquisition, finance,
and human capital.
As chief acquisition officer, I oversee the policies and
processes and procedures used to acquire over $18 billion worth
of goods and services each year. During my tenure, I have
focused significant attention on successful delivery of major
acquisition programs, which are imperative to supporting the
front-line operations. A crucial step to improve the process
was taken last year when I restructured the oversight of all
major acquisition programs. A key part of that restructuring
was to elevate the Office of Program Accountability and Risk
Management, called PARM, to be a direct report to me.
I also issued a program management and execution playbook
to the acquisition workforce. The playbook is my vision for
strengthening program management and execution capabilities as
an important step to mature the acquisition management system.
Most importantly, at my direction, PARM developed and
implemented a business intelligence tool to monitor the
operational status of each acquisition program. The decision
support tool, or DST, is a web-enabled tool that provides DHS
leaders and program managers with a central dashboard for
accessing and tracking the health of major acquisition
programs, projects, and our portfolio programs.
As a result of the DST and our enhanced acquisition
oversight, we can be much more responsive and generate factual
detail information on the health of a program investment
quickly. Since October 1, 2011, the DST is being used to
monitor the cost, schedule, and performance of all of our
acquisition programs.
I am also pleased to report the Department's financial
management capabilities are improving. For 2011, we received a
qualified audit opinion on two of the Department's financial
statements, a key accomplishment which could not have occurred
without greatly improved ways of collecting and using data. We
are harnessing the lessons learned from this process to design
and implement broader business intelligence capabilities that
will modernize financial management systems.
Through business intelligence, we will have better access
to current financial data, which will inform management
decisions, increase accountability to stakeholders and improve
the overall health and financial management of the Department.
In March 2011, I launched a Financial Reporting Dashboard
System, FRDS, an enterprise-wide repository and business
intelligence tool. FRDS uses the monthly budget execution data
provided to Congress to produce enterprise level reports and
trend analysis in user-friendly formats. Although it is only
part of the capability we will ultimately need, we have
expanded our ability to extract financial information to
improve the visibility of the component's financial condition.
As we move beyond the financial consolidation efforts of
the past, we recognize the difficult financial pressures we
face and will focus on an incremental and financially
responsible approach, which includes shoring up near-term
system capabilities before moving on to the deployment of
modernized core financial systems in those components that have
the most pressing needs.
One effort in aligning Human Resource Information
Technology, or HRIT, is another key priority. In September
2010, I established and chaired an HRIT executive steering
committee to provide cross-departmental leadership to the
modernization efforts of our human resource processes. Through
the executive steering committee, we have developed a strategic
plan to consolidate multiple HR systems throughout DHS. One of
the first activities was completing a Department-wide human
resources target architecture, which serves as the blueprint
for our HR systems' end state. This work was recently awarded a
2011 Excellence in Enterprise Architecture Award for our staff.
In the coming months, we will standardize data sets and
initiate pilots on enterprise business intelligence capability.
My goal is for the decision support capability to serve as the
primary source for DHS dashboards, where performance program
and portfolio management, financial acquisition and human
capital information, and other DHS data sets are obtained from
the DHS systems of record. Those dashboards will be integrated
to provide a better view into the Department's mission
performance and identify efficiency opportunities.
My approach to using information to help integrate DHS can
be summed up as follows: I am building a solid sustainable
foundation that is being implemented and executed using best
practices with good stewardship of the taxpayer's dollars. We
will continue to use a modular and agile approach to add
capabilities that avoid duplication while enhancing our ability
to collect, analyze, and report on the business of DHS to help
informed decision making and enhance our management
integration. Along the way, we are helping to foster the One
DHS culture that is necessary to continue to mature our
Department and support our operators in the execution of their
mission.
Once again, I thank you for the opportunity to be before
you today, and I look forward to answering your questions.
[The statement of Mr. Borras follows:]
Prepared Statement of Rafael Borras
March 1, 2012
Chairman McCaul, Ranking Member Keating, and other distinguished
Members of the committee, I thank you for the opportunity to appear
before you today and discuss our efforts to integrate management
information and to build One DHS.
One of my top priorities during my tenure as Under Secretary for
Management (USM) has been to improve the way we collect, store, and
manage data across the Department in order to improve executive level
decision making. When I arrived at the Department almost 2 years ago, I
was frustrated with the time and effort needed to retrieve data I
needed to oversee a multi-billion dollar enterprise. In my private
sector experience, I was accustomed to having key financial, human
capital, and procurement data at my fingertips.
One of my first actions was to direct my line-of-business chiefs to
work with their component counterparts to mature the Department's data
management and better support our enterprise level decision-making
capabilities. While significant progress has been made to leverage
business intelligence and integrate disparate processes and systems, we
still have work to do in order to reach a fully integrated operational
state. Today, I would like to present some of the important progress
that has been made over the past 2 years and outline the way forward to
continue to build out the support systems to allow DHS to make better-
informed decisions. In many ways, this effort is at the core of
improving our ``One DHS'' culture.
Historically, much of the data available to Department of Homeland
Security (DHS) leadership has been generated through manual data calls,
which are labor-intensive and have a greater risk of inaccurate or
incomplete content. In response, we have begun developing standard data
sources and reporting mechanisms to provide timely and accurate data
across all lines of business.
We have made progress in implementing several systems to reduce
manual data calls and improve accuracy and completeness of information.
Some of our solutions that are successfully providing quality data are
the Department of Homeland Security Treasury Information Executive
Repository, the Fleet Management Analysis and Reporting System, the
Financial Reporting Dashboard System, and most recently the Decision
Support Tool, which became the official source of acquisition program
execution information and data on October 1, 2011. These solutions
provide robust business intelligence (BI) over disparate data sources,
collating information to improve decision-making through access to
accurate program data and metrics. Deploying business intelligence
solutions across the financial management spectrum has improved
Departmental compliance with the Chief Financial Officer (CFO) Act and
DHS Financial Accountability Act, OMB guidance, other regulations, and
Government accounting standards.
I firmly believe that utilizing BI tools will improve the
effectiveness of management and achieve compliance, performance, and
quality improvement goals by providing:
    Enhanced access to key financial data across organizational
        boundaries,
    Key indicators of acquisition health that are data-driven
        and risk-informed, and
    Improved human capital and resource management to enable
        emerging organizational opportunities.
To house the BI solutions, the Department recognizes the need for a
common place for systems and data to reside in a private cloud
environment. In alignment with OMB's Federal Data Center Consolidation
Initiative, our Office of the Chief Information Officer (CIO) is in the
process of consolidating 43 of the Department's legacy data centers
into two Enterprise Data Centers (EDC), known as ``DC1'' and ``DC2.''
The consolidation of numerous component systems at our EDCs enables
more effective collection and use of business information across the
enterprise and the Department's fiscal year 2013 budget request
includes nearly $65 million to fully complete the migration of data
centers for three of our largest components.
One example of this increased effectiveness is the deployment of
SharePoint-as-a-Service in our EDCs. Numerous human resource,
financial, and administrative systems use SharePoint. By migrating
these SharePoint systems to a common platform within our data centers,
we enable the appropriate data aggregation across components to improve
enterprise decision-making. Additional benefits of consolidation
include ensuring that DHS has a seamless disaster recovery capability
and significantly enhancing the cybersecurity posture of DHS systems.
Since I last testified before this committee, I have worked closely
with my colleagues in the components, as well as my line-of-business
chiefs, to mature our organizational effectiveness across DHS. I am
especially proud of our progress to enhance the three key management
disciplines of acquisition management, financial management, and human
capital management. The Department has made significant progress to
improve in these areas.
I welcome the opportunity to focus first on the significant
achievements in the acquisition management area.
Acquisition Management
The successful delivery of major programs is imperative to our
Department. Nearly half of the DHS budget is dedicated to obtaining
goods and services to support and improve our capabilities, including
over $18 billion in investments in our acquisition programs. Due to the
nature of how quickly the Department was stood up and the many legacy
and new agencies it encompassed, DHS's earliest acquisition processes
were imperfect and slow to mature. Today's acquisition practices are
vastly improved in terms of process, oversight, and collaboration. We
are working collaboratively with our partners across DHS to enhance our
acquisition practices so that we are efficient and effective in
delivering critical capabilities.
In the early days, DHS was operating in disparate silos focused on
purchasing goods and services with minimal management of requirements.
Today we are much more efficient because we have a more robust
acquisition practice that focuses on requirements and program
management, enhanced guidance on testing, and training and
certification of our professional workforce. Departmental leadership is
better equipped than ever to make risk-informed acquisition decisions.
A crucial step in this process was taken in the second quarter of
fiscal year 2011, when I restructured oversight of all major
acquisition programs. A key part of this restructuring was the
elevation of the Program Accountability and Risk Management (PARM) to
be a direct report to me to support my role as the Under Secretary for
Management. PARM manages and implements Acquisition Management
Directive (MD) 102-01, serves as the Executive Secretariat to the
Acquisition Review Board (ARB) and the Component Acquisition Executive
(CAE) Council, and guides managers of major investments through the
acquisition governance process. PARM also provides independent
assessments of major investment programs and works with DHS partners to
enhance business intelligence to inform ARB decisions. It monitors
programs between formal reviews to identify any emerging issues that
DHS needs to address to keep the programs on track. PARM guides
programs to success.
To establish a vision for enhancing program execution, in December
2011, I issued the Program Management & Execution Playbook, called the
Playbook, to the acquisition workforce. The Playbook is my vision for
strengthening program management and execution capabilities, and
maturing the acquisition management system. The Playbook addresses
several management priorities, including increasing the expertise and
capabilities of the acquisition and program management workforce,
improving program execution, increasing access to expert guidance and
best practices, and increasing access to reliable and useful program
performance data.
In addition to managing the day-to-day oversight of acquisition
programs, PARM has developed and implemented a business intelligence
tool to monitor the operational status of each acquisition program. The
Decision Support Tool (DST) is a web-enabled tool that provides DHS
leaders, governance boards, and program managers with a central
dashboard for assessing and tracking the health of major acquisition
projects, programs, and portfolios. The DST creates graphs, charts, and
other views of key indicators of program health, such as cost, funding,
and schedule. My goal is to improve program accountability and to
strengthen the Department's ability to make sound strategic decisions
throughout the life cycle of major acquisitions.
The DST became the official source of Acquisition Decision Event
information and data on October 1, 2011. It is already informing ARBs
with standardized information. On February 13, 2012, I issued a
memorandum once again calling on all components and programs to ensure
that on a monthly basis all acquisition program information reported in
the Department's existing data systems is complete, accurate, and valid.
One aspect of the DHS vision is to shift the program management
paradigm toward being more data-driven, with emphasis on the
criticality of maintaining quality data within DHS source systems. One
significant result of this shift in culture is evidenced in the
development and delivery of the Comprehensive Acquisition Status Report
(CASR).
The CASR provides the status of DHS major acquisitions listed in
the ``Department of Homeland Security Major Acquisition Oversight
List.'' Previous DHS Congressional reports provided limited detail and
took several months to compile. The new CASR format increases the
quality of information and can be produced in less time. As our
business intelligence capability and data fidelity efforts continue to
mature, the already greatly condensed time line will leverage DST
automation to mine program data to feed the CASR in near-real-time.
From the procurement perspective, the Department has also matured.
In November 2011, we implemented a comprehensive Procurement Health
Assessment Program for all nine contracting activities across DHS. This
Health Assessment is a robust management information system to monitor
and evaluate the performance of contracting operations and support
across 30 specific Chief Procurement Officer (CPO) initiatives. In
order to integrate our assessment system throughout all DHS procurement
activities, we implemented a business intelligence tool, the Enterprise
Reporting Application (ERA), to extract data from several sources into
a single data warehouse. This system allows each Head of Contracting
Activity (HCA) and the CPO to monitor key performance metrics, such as
competition rates, small business contracting progress, acquisition
savings initiatives, data accuracy, and employee training and
certification status on a daily basis and take immediate corrective
action. Our Health Assessment Program also provides us with the ability
to perform an extensive mid-year and end-of-year performance review
with each contracting activity, as well as to establish specific goals
for the upcoming fiscal year.
The Department is making significant progress to improve
acquisition management and program execution. We are continuing to
drive our governance processes forward to ensure greater program
accountability.
Financial Management
The Department is designing and implementing business intelligence
capabilities that will modernize financial systems. Through BI, we will
have better access to current financial data, which will inform
management decisions, increase accountability to stakeholders, and
improve the overall health of financial management.
For the past 4 years, we have generated the audited financial
statements for the Department and components through a critical
reporting tool known as DHSTIER (Department of Homeland Security
Treasury Information Executive Repository). The tool consolidates
summary-level financial data from fifteen components and offices,
generating the core financial reporting for the Department.
The use of DHSTIER has enhanced the efficiency of generating
financial statements and is essential for meeting our reporting
requirements, as well as the accelerated time frames for producing the
Annual Financial Report. DHSTIER provides near-real-time financial
statement data immediately upon data upload in the system. The system
is proven, audited, and consistently delivers the required financial
reports for DHS.
Currently, we are implementing a new DHS data element to capture
Program Project Activity (PPA) in financial systems. By the second
quarter of fiscal year 2013, PPA data will feed into DHSTIER from the
component financial systems, giving us an automated, standardized way
of categorizing and accounting for DHS PPA funds and providing
visibility into budget execution data reporting down to the program
level.
In March 2011, I launched the Financial Reporting Dashboard System
(FRDS), an enterprise-wide data repository and business intelligence
tool. FRDS uses the monthly budget execution data provided to Congress
to produce enterprise-level reports and trend analysis in user-friendly
formats for Departmental leadership. This system increases our ability
to validate and improve data, which in turn provides greater
transparency and better information for decision making. Automating the
collection and validation of budget execution data will improve our
response time to inquiries from stakeholders.
FRDS provides some additional reporting capabilities and automates
others that were previously compiled manually. We can produce reports
that display data from multiple levels and sources, including
Departmental totals. Further, we can drill down from these enterprise-
level reports to obtain execution data by component or by Treasury
Account Fund Symbol (TAFS). We are also bringing DHSTIER financial data
into FRDS, which will strengthen and validate the Monthly Execution
Report.
We have established standard data elements and are working to
implement a common line of accounting to provide timely, accurate,
useful, and actionable financial information to decision makers and
stakeholders and to prevent waste, fraud, and abuse. This will increase
data sharing capabilities and interoperability, minimize the time
required to crosswalk data elements, and include applicable Federal and
National standards to provide the foundation for accurate, timely, and
reliable Departmental financial reporting.
Qualified Opinion
A significant example of the progress being made in the
Department's financial management area is exhibited by our recent
qualified opinion. Obtaining this opinion is significant progress
towards addressing a key weakness identified by GAO.
The CFO conducted targeted risk assessments to identify and
remediate weaknesses in accounting and financial reporting. We
established mission action plans for the Department's most significant
challenge areas and monitored progress against those plans throughout
the fiscal year. As a result of these efforts, DHS received a qualified
audit opinion on its fiscal year 2011 Consolidated Balance Sheet and
Statement of Custodial Activity. This accomplishment is significant
because it increases transparency and accountability for the
Department's resources.
The CFO will expand the scope of the fiscal year 2012 audit, with
the goal of obtaining an opinion on all five financial statements. The
Department will continue to implement a risk-based approach to audit
remediation and will work closely with components to mitigate any risk
of new material weaknesses or audit qualifications as a means to
sustain prior-year successes.
Finally, DHS has also made significant progress identifying and
recovering improper payments through general recovery audits, testing
of high-risk programs, and execution of corrective action plans. In
fiscal year 2011, the CFO began targeted recovery audits for high-risk
payment types. One such audit focused on telecommunication invoices and
resulted in $4 million in recoverable improper payment claims, $100,000
in immediate cost savings, and $2 million in estimated future cost
savings. We are developing additional measures, such as risk-based
analytic tools and stronger internal controls, to reduce the
probability of future improper payments.
Human Resources Management
Aligning human resources information technology (HRIT) to increase
timeliness and efficiency of DHS human capital operations is a goal
included in the Department's Workforce Strategy for FY 2011-2016.
In September 2010, I established the Human Resources Information
Technology Executive Steering Committee, a formal governance board of
human capital, training, and IT executive representatives from every
DHS component and additional leadership from across my organization.
Our first order of business was initiating the first application of
Federal Segment Architecture at DHS. The Human Capital Segment
Architecture (HCSA) project provided a clear understanding of the best
and most appropriate ways to align the Department's Human Capital
resources--people, technology, data, and systems--to serve the
Department's critical mission effectively and efficiently. DHS received
an award titled, Leadership in Government Transformation Using
Enterprise Architecture, for this project at the annual Excellence in
Enterprise Architecture Awards ceremony in November 2011.
In 2010, the Office of the Chief Human Capital Officer (CHCO), in
partnership with CBP, implemented the COGNOS Business Intelligence
environment that provides self-service data analysis and reporting for
CHCO end-users to better direct their programs. A few significant
accomplishments to date include: Field definitions and value
calculations have been identified and standardized in accordance with
regulatory classifications established by OPM; all personnel historical
data has been populated; desktop capability for end-users to generate
reports has been developed along with recurring reports; and the
capability for recipients to execute their own reports has been
developed. We have created end-user canned reports for inclusion in the
standard report library which provides a more efficient means for
producing enterprise reports. Planned initiatives are to populate the
COGNOS technology with payroll data and automate the HR dashboard.
Additionally, during 2011, I directed CHCO to partner with CIO to
create a capability to electronically transfer personnel files,
including background investigations. Our implementation of the
eDelivery feature eliminated the need to get in a car and drive to the
location(s) where the investigative files were located. This also
eliminated hours of manual processing. We can now get what we need in
near-real-time, greatly reducing the time to adjudicate on the back end
of the on-boarding process. In fiscal year 2011, we averaged
approximately 25 days to adjudicate a case. Today, we average
approximately 15 days, five fewer days than that required to meet
Federal guidelines. Therefore, we have reduced the time by 10 days, 80
percent of which is attributed to the eDelivery system.
Other Uses of Business Intelligence
Clearly, BI is helping to transform our acquisition, financial, and
human capital management practices across the Department. We are also
focusing on going beyond capturing data to inform decisions but also to
control our limited resources. The improved management of our physical
assets has the added benefit of detecting waste, fraud, and abuse.
While these initiatives may be different, each initiative shares a
similar technical solution which leads us to building integration and
``One DHS.'' The Office of the Chief Administrative Officer (CAO) has
business intelligence initiatives capturing and reporting on asset
data.
In December 2010, we initiated an agency-wide review of the fleet
program focusing on Vehicle Allocation Methodology (VAM). Each of the
13 DHS components operating motor vehicles participated in this
collaborative effort, which included DHS headquarters. This analysis
identified the current and future vehicle inventory requirements to
achieve a diverse set of missions across the agency. As a result of
this collaborative review, components identified a 3 percent reduction
in vehicle inventory. A 3 percent reduction translates to approximately
$74 million in cost avoidance with the combination of acquisitions,
fuel, and maintenance. The VAM analysis will be conducted annually, and
DHS will continue to review its fleet program with the goal to further
reduce its vehicle fleet while maintaining affordable readiness.
To date, DHS has identified and centralized all real estate
holdings and is in the process of integrating this data with multiple
components' personal property systems as a means to populate and
maintain data currency in the data warehouse. In addition, the platform
utilized by each line-of-business is standardized and will be
integrated to promote enterprise use of data sets across business
lines. This capability will serve as a ``One DHS'' decision support and
management intelligence service in the area of personal property that
will utilize integration as a key element to maturing the Department
towards a ``One DHS'' model.
Conclusion
The Department has made good progress to date. All Management
Directorate line-of-business offices are developing information
standards for their respective functions and are using the Department's
business intelligence service to develop dashboards from both internal
and external stakeholders. It is expected that over the next 12 months,
we will standardize data sets and initiate pilots on enterprise
business intelligence capability.
My goal is for the decision support capability to serve as the
primary source for DHS dashboards where performance, program and
portfolio management, financial, acquisition, human capital, asset
management, enterprise architecture, cyber, and other DHS data sets are
obtained from the DHS systems of record. Those dashboards will be
integrated to provide a better view into the Department's mission
performance and identify efficiency opportunities.
As I have stated in previous public statements, one of my first
official acts upon becoming Under Secretary for Management was to issue
a memo authorizing a manual data call. At that time, a manual data call
was the only method to collect information across the Department. It
was clear to me then, as it is now, that to best serve the Department
of Homeland Security and allow leadership to make more timely and
accurate mission-related decisions, building better and integrated
information systems needed to be a priority. In fact, these
capabilities now exist through a powerful set of systems that form the
core of our emerging suite of our business analytics. These tools are
bringing DHS more in line to become, as the Secretary has prioritized,
a better integrated or One DHS.
Once again, I thank you for the opportunity to appear before you
today, and I look forward to answering your questions.
Mr. McCaul. Thank you, Mr. Borras.
The Chairman now recognizes Mr. Maurer for his opening
statement.
STATEMENT OF DAVID C. MAURER, DIRECTOR, HOMELAND SECURITY AND
JUSTICE TEAM, GOVERNMENT ACCOUNTABILITY OFFICE
Mr. Maurer. Good morning, Chairman McCaul, Ranking Member
Keating, and other Members and staff. I am pleased to be here
today to discuss DHS's on-going efforts to build an integrated
and unified department.
As you have already noted, from the day DHS opened its
doors in 2003, GAO designated its implementation as high-risk.
Completing its transformation into a cohesive department is
critical to achieving its homeland security missions. Doing so
will require continued progress in human capital, information
technology, and acquisition in financial management, as well as
integrating these functions across the Department.
Now, these are broad areas so I am going to focus my
comments this morning on a few key points. First, to carry out
its vital daily missions, DHS needs a strong uniformed
management foundation. This includes the ability to obtain a
clean financial opinion, deploy new technologies on time and
within budget, and identify and fill key skill gaps across the
Department. We have provided DHS 31 outcomes like these, which
DHS has agreed to accomplish. Collectively, these outcomes
identify where they want to go. But DHS isn't there yet.
It currently lacks vital management capabilities to
integrate the Department into something greater than the sum of
its parts. For example, DHS faces challenges identifying and
meeting acquisition program requirements, and only a small
number of DHS's major acquisitions have validated cost
estimates. DHS twice attempted and was unable to build an
integrated Department-wide financial management system. DHS
also lacks comprehensive Department-level visibility over key
human capital information.
Now, in recent years, DHS has worked hard to fix its
management problems and has achieved some key successes. For
example, last year DHS obtained a qualified audit opinion on
its balance sheet for the first time since its creation. DHS
has lowered its senior level--senior leadership vacancy rates
from a peak of 25 percent in 2006 to 10 percent in 2011. We
have also seen significant senior level support for a series of
plans to help ensure DHS missions are ably supported by a sound
management infrastructure. In particular, the Department's
December 2011 strategy for addressing high risk is a good
roadmap for moving DHS from where it is now, a department with
several management challenges, to where it wants to be, a
unified department supported by integrated management functions
that is no longer on our high-risk list.
To further strengthen its plans, we would suggest among
other things establishing measures and reporting on progress
for all initiatives, which brings me to my final point, which
is especially important: DHS needs to focus on executing its
plans. The Department has laid out an ambitious agenda and has
considerable work ahead to achieve its goals. For example, DHS
is rolling out plans for improving how it manages investments
across the Department. However, it still needs to implement
several changes to make this happen. DHS continues to face
challenges implementing information security controls and
managing its IT acquisitions, which it is trying to address
through, among other things, a new approach to overseeing IT
investments. On the financial front, DHS recently announced a
new approach for modernizing its financial systems but is still
years away from complete implementation and continues to have
material weaknesses and internal controls over financial
reporting.
In short, while DHS has made important strides addressing
its management challenges, the Department still has a great
deal of work ahead of executing its plans. Doing so is
important because building a solid management foundation will
help DHS carry out its important missions.
Mr. Chairman, thank you for the opportunity to testify this
morning. I look forward to your questions.
[The statement of Mr. Maurer follows:]
Prepared Statement of David C. Maurer
March 1, 2012
GAO Highlights
Highlights of GAO-12-365T, a testimony before the Subcommittee on
Oversight, Investigations, and Management, Committee on Homeland
Security, House of Representatives.
Why GAO Did This Study
Since 2003, GAO has designated the implementation and
transformation of DHS as high-risk because, among other things, DHS had
to combine 22 agencies, while ensuring no serious consequences for U.S.
National and economic security. This high-risk area includes challenges
in DHS's management functions--financial management, human capital, IT,
and acquisitions; the effect of those challenges on implementing DHS's
missions; and integrating the functions. In November 2000, GAO
published criteria for removing areas from its high-risk list. In
September 2010, GAO identified 31 actions and outcomes critical to
addressing this high-risk area. This testimony addresses DHS's progress
in: (1) Developing a strategy for addressing its high-risk designation,
and (2) achieving outcomes critical to addressing this high-risk area.
This statement is based on GAO products issued from June 2007 through
February 2012, including selected updates. It also includes preliminary
observations from GAO's on-going work reviewing DHS's IT governance.
GAO reviewed documents on IT governance and interviewed officials.
What GAO Recommends
This testimony contains no new recommendations. GAO has made over
100 recommendations to DHS since 2003 to strengthen the Department's
management and integration efforts. DHS has implemented many of these
recommendations and is in the process of implementing others.
Department of Homeland Security.--Continued Progress Made Improving and
Integrating Management Areas, but More Work Remains
What GAO Found
The Department of Homeland Security (DHS) has updated and
strengthened its strategy for how it plans to address GAO's high-risk
designation and resolve the Department's management challenges. In
January 2011, DHS provided GAO with its Integrated Strategy for High-
Risk Management, which summarized the Department's preliminary plans
for addressing the high-risk area. GAO found that this strategy, which
was later updated in June and December 2011, was generally responsive
to the actions and outcomes needed to address GAO's high-risk
designation. For example, the January 2011 strategy generally
identified multiple, specific actions and target completion time frames
consistent with the outcomes GAO identified. However, the strategy did
not address the root causes of problems, among other things. In its
June 2011 strategy, DHS, among other things, identified 10 root causes
that cut across the management areas and their integration.
Nevertheless, GAO identified ways the strategy could be strengthened,
including consistently reporting the progress of its initiatives and
corrective actions. In its most recent update, DHS better positioned
itself to address its management challenges. For example, for the first
time, DHS included ratings of the Department's progress addressing its
high-risk outcomes. However, GAO believes that DHS could more
consistently report on available resources and corrective actions,
establish measures and report on progress made for all initiatives, and
stabilize its methodology for measuring progress. These changes, if
implemented and sustained, provide a path for DHS to address GAO's
high-risk designation.
DHS has made progress, but has considerable work ahead to achieve
actions and outcomes critical to addressing this high-risk area. Among
other accomplishments, DHS realigned its acquisition management
functions within a new office to assess the health of major
acquisitions and investments; conducted program and portfolio reviews
of hundreds of information technology (IT) investments; and reduced the
number of material weaknesses in internal controls. DHS also
demonstrated top leadership commitment by identifying roles and
responsibilities for its key management initiatives. However, DHS has
more work ahead to fully implement its plans and address its management
challenges. For example, in June 2010 GAO reported that over half of
the programs reviewed awarded contracts to initiate acquisition
activities without component or Department approval of essential
planning documents. In addition, DHS faces challenges fully defining
key system investment and acquisition management policies and
procedures. Further, as of September 30, 2011, due to material
weaknesses in internal controls over financial reporting, DHS was
unable to provide assurance that these internal controls were operating
effectively. In September 2011 we reported that DHS also continues to
face challenges implementing some key human capital initiatives, such
as its workforce strategy. DHS also needs to continue to demonstrate
sustainable progress in integrating its management functions within and
across the Department and its components, including making progress
with its model for managing investments across components and
management functions. GAO will continue to assess DHS's efforts to
address its high-risk designation and will report its findings on the
Department's progress in the high-risk update that it expects to issue
in early 2013.
Chairman McCaul, Ranking Member Keating, and Members of the
subcommittee: I am pleased to be here today to discuss the Department
of Homeland Security's (DHS) on-going efforts to build a single,
unified department. DHS now has more than 200,000 employees and almost
$60 billion in budget authority, and completing its transformation into
a cohesive department is critical to achieving its homeland security
missions. Our prior work on mergers and organizational transformations,
undertaken before the creation of DHS, found that successful
transformations of large organizations, even those faced with less-
strenuous reorganizations than DHS, can take years to achieve.\1\ Since
the Department's creation in 2003, GAO has designated the
implementation and transformation of DHS as high-risk because DHS had
to combine 22 agencies--several with major management challenges--into
one department, and failure to effectively address DHS's management and
mission risks could have serious consequences for U.S. National and
economic security.\2\ This high-risk area includes challenges in
strengthening DHS's management functions--financial management, human
capital, information technology (IT), and acquisition management--the
effect of those challenges on DHS's mission implementation, and
challenges in integrating management functions within and across the
Department and its components.
---------------------------------------------------------------------------
\1\ See GAO, Highlights of a GAO Forum: Mergers and
Transformations: Lessons Learned for a Department of Homeland Security
and Other Federal Agencies, GAO-03-293SP (Washington, DC: Nov. 14,
2002) and Results-Oriented Cultures: Implementation Steps to Assist
Mergers and Organizational Transformations, GAO-03-669 (Washington, DC:
July 2, 2003).
\2\ GAO, High-Risk Series: An Update, GAO-03-119 (Washington, DC:
January 2003). In addition to this high-risk area, DHS has
responsibility for other areas we have designated as high-risk.
Specifically, in 2005 we designated information sharing for homeland
security as high-risk, involving a number of Federal departments to
include DHS, and in 2006, we identified the National Flood Insurance
Program as high-risk. Further, in 2003 we expanded the scope of the
high-risk area involving Federal information security, which was
initially designated as high-risk in 1997, to include the protection of
the Nation's computer-reliant critical infrastructure. GAO, High-Risk
Series: An Update, GAO-09-271 (Washington, DC: January 2009); High-Risk
Series: An Update, GAO-07-310 (Washington, DC: January 2007); and High-
Risk Series: An Update, GAO-05-207 (Washington, DC: January 2005).
---------------------------------------------------------------------------
In November 2000, we published our criteria for removing areas from
the high-risk list.\3\ Specifically, agencies must have: (1) A
demonstrated strong commitment and top leadership support to address
the risks; (2) the capacity (that is, the people and other resources)
to resolve the risks; (3) a corrective action plan that identifies the
root causes, identifies effective solutions, and provides for
substantially completing corrective measures in the near-term,
including but not limited to steps necessary to implement solutions we
recommended; (4) a program instituted to monitor and independently
validate the effectiveness and sustainability of corrective measures;
and (5) the ability to demonstrate progress in implementing corrective
measures.
---------------------------------------------------------------------------
\3\ GAO, Determining Performance and Accountability Challenges and
High Risks, GAO-01-159SP (Washington, DC: November 2000).
---------------------------------------------------------------------------
On the basis of our prior work, in September 2010 we identified and
provided to DHS 31 actions and outcomes that are critical to addressing
the challenges within the Department's management areas and in
integrating those functions across the Department. These key actions
and outcomes include, among others, obtaining and then sustaining
unqualified audit opinions for at least 2 consecutive years on the
Department-wide financial statements; validating required acquisition
documents in accordance with a Department-approved, knowledge-based
acquisition process; and demonstrating measurable progress in
implementing its IT human capital plan and accomplishing defined
outcomes.\4\ DHS committed to taking actions to address all 31 of these
outcomes. Achieving and sustaining progress in these areas would
demonstrate the Department's ability and commitment to addressing our
five criteria for removing issues from the high-risk list.
---------------------------------------------------------------------------
\4\ An unqualified opinion states that the financial statements
present fairly, in all material respects, the financial position,
results of operations, and cash flows of the entity in conformity with
generally accepted accounting principles.
---------------------------------------------------------------------------
My testimony this morning will discuss our observations, based on
prior and on-going work, on DHS's progress in: (1) Developing a
strategy for addressing its high-risk designation for the
implementation and transformation of the Department, and (2) achieving
outcomes critical to addressing the high-risk designation.
This statement is based on prior reports and testimonies we issued
from June 2007 through February 2012, as well as letters we submitted
to DHS in March and November 2011 providing feedback on the
Department's January and June 2011 versions of its Integrated Strategy
for High-Risk Management.\5\ The statement is also based on selected
updates we obtained from May 2011 through February 2012. For the past
products, among other things, we interviewed DHS officials; analyzed
DHS strategies and other documents related to the Department's
implementation and transformation high-risk area; and reviewed our past
reports, issued since DHS began its operations in March 2003. All of
this work was conducted in accordance with generally accepted
Government auditing standards, and more-detailed information on the
scope and methodology from our prior work can be found within each
specific report. For the updates, we obtained information from DHS on
its transformation and management integration efforts through, among
other things: (1) Obtaining the December 2011 version of the Integrated
Strategy for High-Risk Management, and (2) meeting with DHS officials,
including the Under Secretary for Management and Deputy Under Secretary
for Management. This statement is also based on preliminary
observations from our on-going work in response to your request to
review DHS's progress in implementing the new IT governance approach.
For this work, among other things, we are reviewing DHS documentation
on its planned IT governance process and interviewing DHS officials
responsible for implementing this process. We are conducting this work
in accordance with generally accepted Government auditing standards.
Those standards require that we plan and perform the audit to obtain
sufficient, appropriate evidence to provide a reasonable basis for our
findings and conclusions based on our audit objectives. We believe that
the evidence obtained provides a reasonable basis for our findings and
conclusions based on our audit objectives.
---------------------------------------------------------------------------
\5\ See the related products list at the end of this statement.
---------------------------------------------------------------------------
DHS Has Updated Its Strategy for Addressing Its High-Risk Designation
Since January 2011, DHS has continued to update and strengthen its
strategy for how the Department plans to address our high-risk
designation and resolve its management challenges. In January 2011, DHS
provided us with its initial Integrated Strategy for High-Risk
Management, which summarized the Department's preliminary plans for
addressing the high-risk area. The January 2011 strategy, which DHS
later updated in June 2011 and December 2011, was generally responsive
to the actions and outcomes we identified for the Department to address
this high-risk area. Specifically, in our March 2011 written response
to DHS's January 2011 update, we stated that:
the strategy generally identified multiple, specific actions
and target completion time frames consistent with the outcomes
we identified;
designated senior officials to be responsible for
implementing most actions; and,
included scorecards to depict, at a high level, the
Department's views of its progress in addressing each high-risk
area and a framework for monitoring implementation of
corrective actions through, among other things, quarterly
meetings between DHS and us.
However, the January 2011 update generally did not discuss the root
causes of problems. Further, while the strategy identified whether DHS
believed it had the resources available to implement planned actions,
it did not identify what the specific resource needs were or what
additional resources may be needed, making it difficult to assess the
extent to which DHS has the capacity to implement those actions.
In June 2011, DHS updated its Integrated Strategy for High-Risk
Management. The update demonstrated the Department's continued
leadership commitment to address the high-risk designation and
represented continued progress. For example:
DHS identified 10 root causes that cut across the four
management functions and management integration. By identifying
these root causes, the Department better positioned itself to
determine corrective actions for addressing the underlying
problems that have affected its management implementation
efforts, and to assess the extent to which progress made in
implementing the corrective actions has mitigated those
underlying problems.
DHS organized its corrective actions into 16 key management
initiatives (e.g., financial management controls, IT program
governance, and procurement staffing model) to address its
management challenges and the 31 actions and outcomes we
identified.
Identifying key management initiatives should help DHS prioritize
its efforts and resources for addressing its root causes and management
challenges, and provide a useful framework for monitoring the
Department's implementation of the initiatives and associated
corrective actions. However, elements of the update could be
strengthened or clarified to better address our high-risk criteria and
the actions and outcomes we previously identified, including: (1)
Better defining the root causes of its management problems; (2)
clarifying the resources available to implement corrective actions; (3)
consistently reporting the progress of its corrective actions; and (4)
more clearly and consistently reporting the progress of its key
management initiatives.
DHS provided its most recent update to its strategy in December
2011. Overall, we believe that the December update positions the
Department to address its management challenges and the implementation
and transformation high-risk area. For example:
DHS updated its initiatives--removing two initiatives from
the management integration area and adding four new
initiatives, including human resources information technology,
management health assessment, strategic sourcing, and
acquisition workforce development;\6\
---------------------------------------------------------------------------
\6\ DHS reported eliminating: (1) The policies, procedures, and
management directive initiative because all of the actions had been
completed, and (2) the Department-wide performance management
initiative because it did not address the high-risk outcomes.
---------------------------------------------------------------------------
DHS included, for the first time, ratings of the
Department's progress addressing the 31 high-risk outcomes;
and
DHS enhanced its reporting and rating methodology for its
key management initiatives. Specifically, DHS replaced a color-
coded (green, yellow, or red) rating system used in previous
updates with a new system for self-reporting progress. DHS now
measures and reports its progress addressing the five criteria
for removal from high-risk in two ways. One way uses standard
indicators for measuring progress and a pie graph for reporting
such progress across all of its key management initiatives
against the first four criteria--leadership commitment,
capacity, corrective action plans, and monitoring. The second
way uses specific performance measures unique to each
initiative for measuring progress and a fuel-type gauge for
reporting on the fifth criterion--demonstrated progress.
According to DHS, the revised methodology, amongst other
things, results in a more objective view of each initiative's
progress.
However, the December 2011 update could be strengthened or
clarified to better enable DHS and GAO to assess the Department's
progress, in the following ways:
More clearly and consistently report the resources available
to implement corrective actions.--DHS identified whether it had
sufficient resources to implement most of the corrective
actions. However, as we also reported to DHS regarding the
January and June 2011 strategies, for many corrective actions
DHS did not provide information on what the specific resource
needs are or what additional resources may be needed to
implement the corrective actions. The absence of resource
information makes it difficult to fully assess the extent to
which DHS has the capacity to implement these actions,
particularly within the time frames identified for the
corrective actions.
Consistently report on corrective actions.--DHS provided
information on the Department's rationale for eliminating and
adding key management initiatives, but has not consistently
provided such information for the corrective actions it
established for each initiative. For example, the December
strategy contained three new corrective actions for the IT
program-governance initiative that were not in the June 2011
strategy, but did not include three corrective actions that had
been in the June 2011 strategy. The December strategy did not
consistently explain the Department's rationale for eliminating
or adding corrective actions from the June strategy, such as
whether the corrective actions were already completed, or if
the corrective actions were no longer appropriate or feasible.
Without consistently providing information on the basis for
DHS's decision to add or remove corrective actions, it is
difficult for DHS and us to track the status and progress of
the Department's efforts to fully implement its management
initiatives.
Establish measures and report on progress for all
initiatives.--DHS established a total of 58 measures to track
its demonstrated progress in implementing the 18 initiatives
included in the December 2011 strategy. While these measures
provide additional insight into DHS's self-reported progress
and represent an important improvement from the June 2011
strategy, DHS has not yet established measures for one of its
initiatives--the new management health assessment initiative--
and did not report on its progress for more than 40 percent (24
of the 58) of the measures in the December 2011 strategy.
Without establishing measures and consistently reporting on
their progress, neither DHS nor we can fully assess the
Department's progress in implementing its initiatives.
Stabilize its methodology for measuring progress.--We
believe that the enhanced methodology DHS established for
assessing its progress in implementing its initiatives
generally allows for a more objective assessment. However, the
evolving nature of DHS's methodology, which the Department
revised in the June 2011 strategy and again in the December
strategy, makes it difficult to effectively monitor the
Department's progress over time.
By strengthening these four aspects, we believe the December 2011
strategy, if implemented and sustained, provides a path for DHS to
address our high-risk designation. We will continue to closely monitor
and assess DHS's progress in addressing the high-risk designation and
the Department's overall transformation efforts as part of our work for
the 2013 high-risk update, which we plan to issue in January 2013.
DHS Has Made Progress, but More Work Remains to Achieve High-Risk Outcomes
DHS has made progress addressing management challenges and
achieving high-risk outcomes in some key areas. The Secretary and
Deputy Secretary of Homeland Security, and other senior officials, have
demonstrated commitment and top leadership support to address the
Department's management challenges. As the following examples
illustrate, DHS is making progress achieving the long-term goal of
enhancing its management capabilities and building a more-integrated
Department.
In June 2011, we reported that, per Departmental acquisition
guidance, DHS's Science and Technology Directorate reviewed and
approved test and evaluation documents and plans for programs
undergoing testing, and conducted independent assessments for
the programs that completed operational testing.\7\ In October
2011, to enhance the Department's ability to oversee major
acquisition programs, DHS realigned the acquisition management
functions previously performed by two divisions within the
Office of Chief Procurement Officer to establish the Office of
Program Accountability and Risk Management (PARM). PARM, which
is responsible for program governance and acquisition policy,
serves as the Management Directorate's executive office for
program execution and works with DHS leadership to assess the
health of major acquisitions and investments. To help with this
effort, PARM is developing a database, known as the Decision
Support Tool, intended to improve the flow of information from
component program offices to the Management Directorate to
support its governance efforts. DHS also included a new
management initiative in its December 2011 update (strategic
sourcing) to increase savings and improve acquisition
efficiency by consolidating contracts Department-wide for the
same kinds of products and services, and reported awarding 14
strategically-sourced contracts in fiscal year 2011. We
currently have on-going work related to both of these areas
that we will report on later this year.\8\
---------------------------------------------------------------------------
\7\ GAO, DHS Science and Technology: Additional Steps Needed to
Ensure Test and Evaluation Requirements Are Met, GAO-11-596
(Washington, DC: June 15, 2011).
\8\ We are doing this work at the request of the Senate Committee
on Homeland Security and Governmental Affairs. Our strategic sourcing
work is also being done for the House Committee on Oversight and
Government Reform.
---------------------------------------------------------------------------
In February 2012, we reported that the DHS Chief Information
Officer (CIO) and Chief Human Capital Officer were coordinating
to streamline and consolidate the Department's human resources
investments.\9\ Specifically, in 2010 and 2011, the DHS CIO
conducted program and portfolio reviews of hundreds of IT
investments and systems. DHS evaluated portfolios of
investments within its components to avoid investing in systems
that are duplicative or overlapping, and to identify and
leverage investments across the Department. DHS also
consolidated: (1) 6 personnel security-related systems into its
Department-wide Integrated Security Management System--with an
additional personnel security system planned for consolidation
in 2012, and (2) two components' portals into the Homeland
Security Information Network, with plans to consolidate 12
additional portals before 2014.
---------------------------------------------------------------------------
\9\ GAO, Information Technology: Departments of Defense and Energy
Need to Address Potentially Duplicative Investments, GAO-12-241
(Washington, DC: Feb. 17, 2012).
---------------------------------------------------------------------------
DHS has reduced the number of material weaknesses in
internal controls from 18 since the inception of the Department
in 2003 to 5 in fiscal year 2011.\10\ In addition, in fiscal
year 2010 DHS committed to the goal of receiving a qualified
audit opinion on its consolidated balance sheet in fiscal year
2011 by, for example, remediating financial management issues
at the U.S. Coast Guard (USCG).\11\ In fiscal year 2011, DHS
achieved this goal by moving from a disclaimer of opinion to a
qualified audit opinion on its balance sheet and statement of
custodial activity for the first time since the Department's
creation.\12\ In its December 2011 strategy, DHS reported plans
to expand the audit to all financial statements in fiscal year
2012. DHS believes this will identify additional areas for
corrective action and help it to obtain a clean audit opinion
on all financial statements by September 2013, although there
is no clear plan for how full auditability will be achieved.
---------------------------------------------------------------------------
\10\ A material weakness is a significant deficiency, or a
combination of significant deficiencies, in internal control such that
there is a reasonable possibility that a material misstatement of the
entity's financial statements will not be prevented or detected and
corrected on a timely basis. A significant deficiency is a deficiency,
or combination of deficiencies, in internal control that is less severe
than a material weakness, yet important enough to merit attention by
those charged with governance. A deficiency in internal control exists
when the design or operation of a control does not allow management or
employees, in the normal course of performing their assigned functions,
to prevent, or detect and correct, misstatements on a timely basis.
\11\ A qualified opinion states that, except for the effects of the
matter(s) to which the qualification relates, the audited financial
statements present fairly, in all material respects, the financial
position, results of operations, and cash flows of the entity in
conformity with generally accepted accounting principles. The matter(s)
to which the qualification relates could be due to a scope limitation,
or the audited financial statements containing a material departure
from generally accepted accounting principles, or both.
\12\ A disclaimer of opinion states that the auditor does not
express an opinion on the financial statements (e.g., scope
limitations).
---------------------------------------------------------------------------
In February 2012, we reported that DHS consolidated five
time-and-attendance systems into a Department-wide time-and-
attendance system and plans to incorporate an additional
component by June 2012.\13\ This consolidation effort is part
of DHS's broader human resources IT initiative. This initiative
is intended to, among other things: (1) Support the development
and implementation of consistent and consolidated human
resources IT systems across DHS, and (2) strengthen and unify
the Department's ability to collect and share human resource
information. We also reported in February 2012 that DHS had
initiated a Senior Executive Service Candidate Development
Program in May 2011 to build its senior leadership pipeline
within the Department--consolidating what had been four
individual leadership programs into a single DHS-wide program--
and lowered its senior leadership vacancy rates from a peak of
25 percent in 2006 to 10 percent at the end of fiscal year
2011.\14\
---------------------------------------------------------------------------
\13\ GAO, Information Technology: Departments of Defense and Energy
Need to Address Potentially Duplicative Investments, GAO-12-241
(Washington, DC: Feb. 17, 2012).
\14\ GAO-12-264.
---------------------------------------------------------------------------
In February 2011, we reported that the Department put in
place common policies, procedures, and systems within
individual management functions, such as human capital, that
help to integrate its component agencies.\15\ DHS has also
demonstrated top leadership commitment by identifying roles and
responsibilities at the departmental level for the key
management initiatives it has included in the December 2011
strategy. Additionally, DHS has promoted accountability for
management integration among Department and component
management chiefs by, among other things, having the Department
chiefs provide written objectives that explicitly reflect
priorities and milestones for that management function as well
as aligning the component chiefs' individual performance plans
to the Department's goals and objectives.
---------------------------------------------------------------------------
\15\ GAO, Department of Homeland Security: Progress Made and Work
Remaining in Implementing Homeland Security Missions 10 Years after 9/
11, GAO-11-881 (Washington, DC: Sept. 7, 2011); GAO, DHS: A
Comprehensive Strategy Is Still Needed to Achieve Management
Integration Department-wide, GAO-10-318T (Washington, DC: Dec. 15,
2009).
---------------------------------------------------------------------------
In its December 2011 strategy, DHS presented detailed plans to
address a number of management challenges. However, in many instances,
DHS has considerable work ahead to fully implement these plans and
address these challenges.
Our prior work has identified challenges related to
acquisition oversight, cost growth, and schedule delays,
including Departmental concerns about the accuracy of cost
estimates for some of DHS's major programs. For example, in
June 2010 we reported that over half of the programs we
reviewed awarded contracts to initiate acquisition activities
without component or Department approval of documents essential
to planning acquisitions, such as mission need statements
outlining the specific functional capabilities required to
accomplish DHS's mission and objectives; operational
requirements; and acquisition program baselines.\16\
Additionally, we reported that only a small number of DHS's
major acquisitions had validated cost estimates. Further, DHS
reported in its December 2011 strategy that senior executives
are not confident enough in the data to use the Decision
Support Tool developed by PARM to help make acquisition
decisions. However, DHS's plans to improve the quality of the
data in this database are limited. At this time, PARM only
plans to check the data quality in preparation for key
milestone meetings in the acquisition process. This could
significantly diminish the Decision Support Tool's value
because users cannot confidently identify and take action to
address problems meeting cost or schedule goals prior to
program review meetings.
---------------------------------------------------------------------------
\16\ GAO, Department of Homeland Security: Assessments of Selected
Complex Acquisitions, GAO-10-588SP (Washington, DC: June 30, 2010).
---------------------------------------------------------------------------
DHS continues to face challenges in managing its IT
acquisitions, ensuring proper implementation and Department-
wide coordination, and implementing information security
controls. For example, as we reported in 2011, DHS faces
challenges fully defining key system investment and acquisition
management policies and procedures for IT.\17\ Moreover, the
extent to which DHS implemented these investment and
acquisition management policies and practices in major IT
programs has been inconsistent. We also reported that major IT
acquisition programs were not subjected to executive-level
acquisition and investment management reviews. As a result,
major programs aimed at delivering important mission
capabilities had not lived up to their capability, benefit,
cost, and schedule expectations. DHS is currently pilot testing
a new approach for overseeing and managing its IT acquisitions.
We are currently reviewing this new governance approach and
expect to report the results of our work later this year.
Further, we previously reported on the need for Federal
agencies, including DHS, to improve implementation of
information security controls, such as those for configuring
desktop computers and wireless communication devices.\18\ DHS
reports that, as of December 2011, it mostly addressed IT
security. However, the DHS Office of Inspector General
continues to report a material weakness in this area and
identifies information security as a major management challenge
facing the Department.
---------------------------------------------------------------------------
\17\ GAO-11-881.
\18\ GAO, Information Security: Federal Agencies Have Taken Steps
to Secure Wireless Networks, but Further Actions Can Mitigate Risk,
GAO-11-43 (Washington, DC: Nov. 30, 2010); and Information Security:
Agencies Need to Implement Federal Desktop Core Configuration
Requirements, GAO-10-202 (Washington, DC: Mar. 12, 2010).
---------------------------------------------------------------------------
Due to material weaknesses in internal controls over
financial reporting, DHS was unable to provide assurance that
internal controls over financial reporting were operating
effectively as of September 30, 2011. According to DHS, due to
existing internal control weaknesses and focus on corrective
actions, the audit opinion on internal controls over financial
reporting will likely remain a disclaimer in fiscal year 2012.
DHS also faces challenges in modernizing its financial systems.
We previously reported that DHS twice attempted to implement an
integrated Department-wide financial management system, but had
not been able to consolidate its disparate systems.
Specifically, in June 2007, we reported that DHS ended its
Electronic Managing Enterprise Resources for Government
Effectiveness and Efficiency effort after determining that the
resulting financial management systems would not provide the
expected system functionality and performance.\19\ In December
2009, we reported that the Transformation and Systems
Consolidation program had been significantly delayed by bid
protests and related litigation.\20\ In March 2011, DHS ended
this program and reported that moving forward it would consider
alternatives to meet revised requirements. In 2011, DHS decided
to change its strategy for financial system modernization.
Rather than implement a Department-wide integrated financial
management system solution, DHS opted for a decentralized
approach to financial management systems modernization at the
component level. Specifically, DHS reported in its December
2011 strategy that it plans to replace financial management
systems at three components it has identified as most in need,
including the Federal Emergency Management Agency (FEMA), USCG,
and Immigration and Customs Enforcement (ICE). As of February
2012, DHS officials stated that they first planned to modernize
FEMA's system, which would start using a Federal shared service
provider at the beginning of fiscal year 2015. DHS officials
told us they had not yet identified the specific approach or
necessary resources and time frames for implementing new
systems at USCG and ICE. It is not clear whether DHS's new,
decentralized approach to financial system modernization will
ensure that components' financial management systems can
generate reliable, useful, timely information for day-to-day
decision making; enhance the Department's ability to
comprehensively view financial information across DHS; and
comply with related Federal requirements at DHS and its
components. We will continue to monitor DHS's actions in this
area.
---------------------------------------------------------------------------
\19\ GAO, Homeland Security: Department-wide Integrated Financial
Management Systems Remain a Challenge, GAO-07-536 (Washington, DC: June
21, 2007).
\20\ GAO, Financial Management Systems: DHS Faces Challenges to
Successfully Consolidating Its Existing Disparate Systems, GAO-10-76
(Washington, DC: Dec. 4, 2009).
---------------------------------------------------------------------------
DHS continues to face challenges implementing some of its
key human capital initiatives and functions. For example, the
DHS Chief Information Officer's (CIO) September 2011 assessment
of the human resources IT program identified two risks that
could have adverse effects on the cost and schedule of the
program. First, if the program is unable to meet its
established baseline schedules, there is a high probability of
program breach and potential loss of funding due to lack of
prioritization. Second, if a thorough understanding of existing
legacy applications and processes across the DHS components is
not achieved, the new, consolidated system will not adequately
replace existing functionality nor provide the stable
operational functionality needed from the program. DHS has also
struggled with low job satisfaction among its employees since
its inception. For the 2011 Federal Employee Viewpoint Survey,
DHS scored below the Government-wide average on the Office of
Personnel Management's Job Satisfaction Index and ranked 31st
of 33 Federal agencies on employee satisfaction, according to
the Partnership for Public Service's analysis of the survey
results. At the subcommittee's request, we currently have work
underway evaluating the effectiveness of DHS's plans and
efforts to address its employee morale issues and expect to
report our findings later this year. Further, in June 2011, DHS
reported that it was developing component operational plans to
implement its Department-wide workforce strategy and align the
component plans with the goals, measures, and objectives of the
strategy. However, in its December 2011 strategy, DHS reported
that it had not finished providing feedback to components on
their fiscal year 2011 plans.
DHS needs to continue to demonstrate sustainable progress in
integrating its management functions within and across the
Department and its components and take additional actions to
further and more effectively integrate the Department.
Specifically, in its January 2011 high-risk strategy, DHS
described plans to establish an Integrated Investment Life
Cycle Model (IILCM) for managing investments across its
components and management functions; strengthening integration
within and across those functions; and ensuring mission needs
drive investment decisions. This framework seeks to enhance DHS
resource decision making and oversight by creating new
department-level councils to identify priorities and capability
gaps, revising how DHS components and lines of business manage
acquisition programs, and developing a common framework for
monitoring and assessing implementation of investment
decisions. DHS reported in December 2011 that the IILCM
initiative had made little progress since January 2011 though
the Department planned to begin using the IILCM by the end of
September 2012. The Department also indicated it had not
determined resource needs to accomplish any of the eight
associated corrective actions it has identified for this
initiative.
While DHS has made progress, the Department still faces
considerable challenges. Going forward, DHS needs to continue
implementing its Integrated Strategy for High-Risk Management and show
measurable, sustainable progress in implementing its key management
initiatives and corrective actions and achieving outcomes. We will
continue to monitor and assess DHS's implementation and transformation
efforts through our on-going and planned work, including the 2013 high-
risk update that we expect to issue in early 2013.
Chairman McCaul, Ranking Member Keating, and Members of the
subcommittee, this concludes my prepared statement. I would be pleased
to respond to any questions that you may have.
Mr. McCaul. Thank you, Mr. Maurer, for your testimony.
The Chairman now recognizes Mr. Edwards for his testimony.
STATEMENT OF CHARLES K. EDWARDS, ACTING INSPECTOR GENERAL, U.S.
DEPARTMENT OF HOMELAND SECURITY
Mr. Edwards. Good morning, Chairman McCaul, Ranking Member
Keating, and distinguished Members of the subcommittee.
Thank you for inviting me today to testify about the
integration of information across the Department, specifically
in the areas of financial and acquisition management.
The Department achieved a significant milestone in the area
of financial management in fiscal year 2011. For the first time
since 2003, DHS was able to produce an auditable balance sheet
and a statement of custodial activity. The independent auditors
rendered a qualified opinion on those financial statements.
Nevertheless, the Department still has much work to do. The
independent auditors were unable to perform procedures
necessary to form an opinion on DHS internal control of
financial reporting on fiscal year 2011 balance sheet and the
statement of custodial activity. As part of the fiscal year
2011 audit, the independent auditors identified a pervasive
financial system functionality limitation at all of the
significant DHS components.
The Department's financial information technology system
infrastructure is aging and has limited functionality, which is
hindering the Department's ability to implement efficient
corrective actions and produce reliable financial statements.
The auditors noted that many of the financial systems in use at
DHS components have been inherited from legacy agencies and
have not been substantially updated since DHS's inception.
As a result, on-going financial system functionality
limitations are contributing to the Department's challenges in
addressing systemic internal control weaknesses and
strengthening the overall control environment. Since 2003, the
Department has made several efforts to consolidate its
component financial systems.
Most recently, the Department cancelled a solicitation for
the transformation and system consolidation, or TASC, program
in May 2011. We have communicated with the Department regarding
its plans for the modernization of its financial systems, and
we will begin a review of its new efforts later this month.
With respect to acquisition management, acquisitions
consume a significant part of DHS's annual budget and are
fundamental to the Department's ability to accomplish its
mission. In April 2011, we published an audit report regarding
DHS oversight of component acquisition programs. In that
report, we found that the Department needs to provide
additional guidance and improved controls in some areas. One of
the areas that we targeted for improvement concerned the use of
the Next Generation Periodic Reporting System, or nPRS.
nPRS is an integrated system that provides visibility to
the Department to track component acquisition investments.
Component personnel are responsible for entering and updating
information in nPRS, including cost, budget, performance, and
scheduled data. As a result of our audit, we determined that
the Department has issued conflicting guidance and enforcement
for reporting in nPRS since the system became operational in
2008.
For the 17 acquisition programs to be reviewed during our
audit, we found that components were not completing and
reporting all key information in nPRS. We found some other
inconsistencies during our audit. Not all of the 86 programs
identified by the Department on its list of major acquisition
programs were reported in nPRS by components. When we
questioned the Department personnel about the differences
between the list of major acquisition programs and nPRS, they
stated that the differences were due to timing issues.
However, we were not able to reconcile the differences to
verify that they were timing-related. Our audit report
recommended that the Department mandate the use of nPRS for all
acquisition programs and issue improved guidance regarding nPRS
reporting. The chief procurement officer agreed with our
recommendation and stated that by April 30, 2011, it would
issue guidance to components to require inclusion of all level
1, 2, and 3 acquisition programs within the nPRS tracking tool.
We are continuing to monitor the implementation of this
recommendation. On February 16, 2012, we received the
Department's latest update. In that update, the Department
stated that it was integrating its components to ensure that
all acquisition programs are recorded accurately in nPRS on a
monthly basis.
While we are encouraged by the Department's actions, this
effort does not meet the full intent of our recommendation that
the use of nPRS is mandated across the Department.
Chairman McCaul, this concludes my prepared remarks, and I
would be happy to answer any questions that you or other
Members may have. Thank you.
[The statement of Mr. Edwards follows:]
Prepared Statement of Charles K. Edwards
March 1, 2012
Good morning Chairman McCaul, Ranking Member Keating and
distinguished Members of the subcommittee: I am Charles K. Edwards,
Acting Inspector General of the Department of Homeland Security (DHS).
Thank you for inviting me to testify today about the integration of
information across the Department, specifically in the areas of
financial management, acquisition management, and human capital
management.
As you know, the DHS Office of Inspector General (OIG) was
established in January 2003 by the Homeland Security Act of 2002 by
amendment to the Inspector General Act of 1978. The DHS OIG seeks to
promote economy, efficiency, and effectiveness in DHS programs and
operations and reports directly to both the DHS Secretary and the
Congress. We fulfill our mission primarily by issuing audit,
inspection, and investigative reports that include recommendations for
corrective action, and by referring cases to the United States Attorney
General for prosecution.
I am pleased to have the opportunity to testify about two of our
audit reports today. My testimony will focus on the areas of financial
management and acquisition management.
I will describe some of the challenges facing DHS, the steps DHS
has taken and its progress in addressing those challenges, as well as
provide details regarding further improvements the Department can make.
Financial Management
In an effort to reduce redundancy, weaknesses, and vulnerabilities
in its financial systems, DHS has made several attempts to consolidate
its financial systems since the Department's creation.
The first attempt, known as the Electronically Managing Enterprise
Resources for Government Effectiveness and Efficiency project, was
canceled in December 2005, due to technical challenges in the
integration efforts. The second attempt, a task order issued in August
2007, for a solution architect to develop and implement a new system
under the Enterprise Acquisition Gateway for Leading Edge Solutions
contract ended when no bids were received. The third attempt, called
Transformation and Systems Consolidation (TASC) Baseline, focused on
moving DHS components to one of two financial systems platforms: SAP or
Oracle. On March 17, 2008, the TASC baseline approach ended when a
Federal court ruled against DHS in the court case of Savantage
Financial Services, Inc. vs. United States. The court ruled that DHS'
decision to use Oracle and SAP financial software systems via ``Brand
Name Justification'' was an improper sole source procurement in
violation of the Competition in Contracting Act.
In May 2008, the TASC initiative was revised to acquire an
integrated financial, acquisition, and asset management solution for
DHS. This approach was a larger effort than DHS had attempted
previously because it attempted to not only consolidate component
financial systems but also to implement DHS-wide asset management and
procurement systems. TASC was a Department-wide effort co-sponsored by
the DHS Under Secretary for Management (USM) and the Chief Financial
Officer.
In January 2009, the TASC program issued a RFP for a vendor to
integrate, test, deploy, manage, operate, and maintain the transformed
business processes and services of an integrated financial acquisition
and asset management solution for DHS. In July 2010, we issued an audit
report, DHS Needs to Address Challenges to Its Financial Systems
Consolidation Initiative. The objective of our audit was to determine
whether DHS was making progress in developing and implementing the TASC
initiative. Our audit report included five recommendations; the
Department concurred or partially concurred with all five.
Subsequently, in May 2011, the Department announced that it was
cancelling the solicitation for the TASC program and was considering
alternatives to meet revised requirements. We understand that the
Department is considering options, and we will continue to be in
communication with the Department regarding its plans.
Although the Department has not completed the modernization and
consolidation of its financial systems, it continued to improve
financial management in fiscal year 2011 and achieved a significant
milestone. For the first time since 2003, the Department was able to
produce an auditable balance sheet and statement of custodial activity
and the independent auditors rendered a qualified opinion on those
financial statements. Nevertheless, the Department still has much work
to do. The independent auditor was unable to perform procedures
necessary to form an opinion on DHS' internal control over financial
reporting of the fiscal year 2011 balance sheet and statement of
custodial activity.
The independent auditors identified a pervasive financial system
functionality limitation at all of the significant DHS components. The
Department's financial information technology system is aging and has
limited functionality, which is hindering the Department's ability to
implement efficient corrective actions and produce reliable financial
statements. The auditors noted that many of the financial systems in
use at DHS components have been inherited from the legacy agencies and
have not been substantially updated since DHS' inception. As a result,
on-going financial system functionality limitations are contributing to
the Department's challenges in addressing systemic internal control
weaknesses and strengthening the overall control environment.
Acquisition Management
Background
Acquisitions consume a significant part of the Department of
Homeland Security's annual budget and are fundamental to the
Department's ability to accomplish its mission. In fiscal year 2010,
DHS awarded over $13 billion for more than 88,000 procurement actions.
The USM is responsible for the overall DHS acquisition process. As
the Department's Chief Acquisition Officer, the USM is responsible for
managing, administering, and overseeing the Department's acquisition
policies and procedures. The USM delegates the responsibility for
effective Department-wide procurement policies and procedures,
including procurement integrity, to the Chief Procurement Officer
(CPO). The Office of the CPO (OCPO) is responsible for oversight of
most DHS acquisition activities and services, including management,
administration, and strategic sourcing. OCPO responsibilities also
include developing and publishing Department-wide acquisition
regulations, directives, policies, and procedures.
The USM also delegates the responsibility for developing and
implementing the governance processes and procedures for program
management over DHS' various acquisition programs to the Acquisition
Program Management Division (APMD), now called the Program
Accountability and Risk Management Office. Separation of the OCPO
procurement management responsibilities for acquiring goods and
services and APMD's program management of the acquisition process
provides a layered approach to DHS' acquisition oversight.
Steps Taken by DHS to Improve Its Acquisitions Management
In 2003, the Government Accountability Office (GAO) designated
implementing and transforming the Department of Homeland Security as
high-risk.\1\ GAO stated that the Department's efforts to integrate 22
independent agencies into a single department was an ``enormous
undertaking,'' partly because many of the major components faced at
least one management problem, including financial management
vulnerabilities. In a 2011 update, GAO noted that acquisition
management weaknesses have prevented major programs from meeting
capability, benefit, cost, and schedule expectations.\2\ To address
management challenges, GAO recommended ``validating key acquisition
documents during the acquisition review process.''\3\
---------------------------------------------------------------------------
\1\ GAO-03-119, High-Risk Series: An Update (Jan. 2003). GAO
maintains a program to identify Government operations that are high-
risk due to greater vulnerabilities to fraud, waste, abuse, and
mismanagement or the need for transformation to address economy,
efficiency, or effectiveness. Since 1990, GAO has designated over 50
areas as high-risk and subsequently removed over one-third of the areas
due to progress made.
\2\ GAO-11-278, High-Risk Series: An Update (Feb. 2011), p. 93.
\3\ Id., 33-34.
---------------------------------------------------------------------------
In September 2005, we published a report identifying significant
weaknesses that threatened the integrity of the Department's
procurement and program management operations.\4\ We made five
recommendations to address the vulnerabilities in the Department's
acquisition operations. DHS concurred with all five recommendations and
agreed to move ahead with expanded procurement ethics training,
enhancement of oversight, and establishment of a Departmental program
management office to address procurement staff shortages and staff
authority. Since our 2005 report, DHS has implemented management
directives and organizational changes, and developed acquisition
training programs intended to identify inefficiencies in the
acquisition process and prevent procurement ethics violations.
---------------------------------------------------------------------------
\4\ OIG-05-53, Department of Homeland Security's Procurement and
Program Management Operations (Sept. 2005).
---------------------------------------------------------------------------
In November 2008--recognizing the continued increase in the
quantity and complexity of DHS acquisitions--the Chief Acquisition
Officer classified acquisitions into three levels to define the extent
and scope of required project and program management and the specific
official who serves as the Acquisition Decision Authority. For level 1
acquisitions (greater than or equal to $1 billion), the Acquisition
Decision Authority is at the Deputy Secretary level. For level 2
acquisitions, ($300 million or more, but less than $1 billion), it is
the Chief Acquisition Officer. For level 3 acquisitions (less than $300
million), the Acquisition Decision Authority is at the Component Head
level. Acquisition Management Directive 102-01, Revision No. 1
(Directive 102-01), also identifies specific alternate Acquisition
Decision Authorities for each level.
While the Department has taken these and other significant steps to
improve its acquisition oversight processes and controls, our report
OIG-11-71, DHS Oversight of Component Acquisition Programs (April 2011)
identified additional areas for improvement, including improved
guidance to components regarding their use of the Next Generation
Periodic Reporting System (nPRS), an integrated system that provides
visibility to the Department to track components' level 1, 2, and 3
acquisition investments.
Additional Guidance Needed for Use of nPRS
In DHS Oversight of Component Acquisition Programs, we recognized
that the Department has made improvements to its acquisition oversight
processes and controls through implementation of a revised acquisition
management directive. However, the Department needs to provide
additional detailed guidance and improve controls in some areas. One of
the areas we identified for improvement is the use of nPRS, an
integrated system that provides visibility to the Department to track
components' level 1, 2, and 3 acquisition investments. It can also
store working and approved key acquisition documents, earned value
management information, and risk identification. Component personnel
are responsible for entering and updating information regarding their
acquisition programs in nPRS. This information includes, but is not
limited to, cost, budget, performance, and schedule data.
Since nPRS became operational in 2008, the Department has issued
conflicting guidance and enforcement for reporting level 1, 2, and 3
acquisition programs. According to APMD personnel, level 1 and 2
acquisition programs are the only programs that require nPRS reporting,
while reporting level 3 acquisition programs is optional. Despite APMD
personnel's explanation of the nPRS reporting requirements, in November
2008 they required level 1, 2, and 3 acquisitions to follow the DHS
periodic reporting process identified in the nPRS manual. Then in May
2009, the USM issued a memorandum requiring major acquisition programs,
level 1 and 2, to transition to nPRS by the end of the month. In July
2009, the Office of the Chief Information Officer issued guidance that
required components to report all programs to nPRS. In September 2009,
the Director of APMD issued a memorandum designating nPRS as the
Department's system of record for acquisition management data and
official reporting system for all level 1, 2, and 3 acquisition
programs. In January 2010, the APMD issued the final Directive 102-01,
which required all level 1, 2, and 3 acquisition programs to comply
with the DHS periodic reporting process. This conflicting verbal and
written guidance confused component personnel, who were not sure
whether to report all acquisition programs or only level 1 and 2
programs.
In May 2010, the USM issued a list of major acquisition programs
that identified 86 level 1 and 2 acquisition programs and elevated some
level 3 acquisition programs for Departmental oversight. According to
APMD personnel, the Department and components jointly create the major
acquisition program and project list. The APMD obtains information from
nPRS and requests updated information from the components regarding
their current number of acquisition programs. Once APMD personnel
receive the information, they create the final list and the USM signs
and issues the new list.
As of July 2010, we identified six acquisition programs listed on
the USM letter, but components did not report them in nPRS. We also
identified five level 1 and 2 acquisition programs reported in nPRS but
not on the USM letter. When we questioned Department personnel about
the differences between the USM letter and nPRS, they stated that the
differences were due to timing issues. However, we were not able to
reconcile the differences to verify that they were timing related.
Table 1 compares the list of acquisition programs in the May 2010 USM
memo with the nPRS database as of July 2010.
     TABLE 1.--ACQUISITION PROGRAM REPORTING SYSTEM INCONSISTENCIES
------------------------------------------------------------------------
USM Memo--May 2010                      nPRS Database--July 2010
------------------------------------------------------------------------
Consolidated Mail System Program.....   No Entry.
Electronic Records Management System.   No Entry.
St. Elizabeth's......................   No Entry.
National Security System Program.....   No Entry.
Online Tracking Information System...   No Entry.
Federal Protective Services..........   No Entry.
No Entry.............................   Critical Infrastructure
                                          Technology and Analysis.
No Entry.............................   CBP--Infrastructure.
No Entry.............................   FEMA--Infrastructure.
No Entry.............................   ICE--Infrastructure.
No Entry.............................   USSS--Infrastructure.
------------------------------------------------------------------------
To identify the number of acquisition programs in the Department,
we requested a list of all programs from nPRS, but the Department could
provide only level 1 and 2 acquisition programs. In March 2010, we
requested that the components provide us with a list of all level 1, 2,
and 3 acquisition programs so we could gain a complete inventory of
acquisition programs throughout the Department. Table 2 shows some
inconsistencies between the Department's totals and the components'
totals.
             TABLE 2.--ACQUISITION PROGRAM INCONSISTENCIES
------------------------------------------------------------------------
Department                      Level 1   Level 2   Level 3     Total
------------------------------------------------------------------------
USM Letter--Apr 23, 2009....         42        25         0        67
nPRS datapull March 2010....         43        20         0        63
USM Letter--May 26, 2010....         46        40         0        86
nPRS datapull June 2010.....         49        33         0        82
nPRS datapull July 2010.....         50        32        70       152
                             -------------------------------------------
COMPONENTS..................         48        22       152       222
------------------------------------------------------------------------
We obtained the Department's totals at five different times. Though
we understand that there may be differences in timing due to the
intervals, the Department needs to make sure that components are
consistently reporting all acquisition programs into the standard
system. In July 2010, we obtained our last data from nPRS that showed
progress regarding the number of level 3 acquisition programs
components entered in the system. However, at the time of the
publication of our report, nPRS still did not reflect half of the total
number of level 3 programs components reported outside nPRS.
Use of nPRS by Components
Because the Department has not ensured or mandated that components
use nPRS, some components have developed systems comparable to nPRS.
According to APMD personnel, nPRS allows components to create a copy of
nPRS software and integrate it to meet their needs. The copy, which is
called the nPRS Sandbox, allows the components to duplicate the nPRS
software and to use the already developed nPRS as their oversight tool
for draft documents and approval of documentation and earned value
management, as well as cost and schedule status. The component's
Sandbox copy of nPRS is not visible by DHS headquarters or other
components because nPRS restricts access to authorized users. As of
July 2010, Transportation Security Administration (TSA), the Federal
Emergency Management Agency (FEMA), and the DHS Chief Financial Office
had requested use of the nPRS Sandbox feature.
Component personnel have developed, or are in the process of
developing, their own data-tracking systems because the Department has
not consistently mandated use of nPRS or its tools. For example:
    TSA hired and spent approximately $100,000 for a contractor
      in 2005 to develop the TSA Acquisition Program Status Report,
      which served as its data-tracking system. As of June 2010, TSA
      had merged its acquisition program portfolio, levels 1, 2, and
      3, into nPRS and will no longer use the TSA Acquisition Program
      Status Report. As of August 2010, nPRS is TSA's official
      tracking system for acquisition programs.
    FEMA, Customs and Border Protection (CBP), Immigration and
      Customs Enforcement, and U.S. Secret Service use internally-
      developed systems based on software programs such as Microsoft
      SharePoint.
    CBP personnel were in the process of developing an
      additional database to track acquisitions throughout the
      Acquisition Lifecycle Framework. We were not able to determine
      the cost of this tracking database. According to CBP personnel,
      the database development was a verbal agreement between CBP
      personnel and the contractor. The statement of work under which
      the contractor was performing other work for CBP did not
      contain any mention of the verbal agreement.
In summary, the Department does not always know what is in its
acquisition portfolio because of the conflicting written and verbal
guidance provided to the components. The USM has not ensured that
components report all level 1, 2, and 3 acquisition programs in nPRS,
which hinders its ability to have complete visibility into component
acquisition programs. By mandating use of nPRS for all acquisition
programs, the USM would have visibility into components' acquisition
programs and could provide better oversight for its acquisition
portfolio.
We recommended that the Department direct components to report all
acquisition programs (levels 1, 2, and 3) to nPRS. The Chief
Procurement Officer agreed with our recommendation and stated that by
April 30, 2011 it would issue guidance to components to require
inclusion of all level 1, 2, and 3 acquisition programs within the nPRS
tracking tool. We are continuing to monitor this recommendation and it
remains resolved and open. On February 16, 2012, we received the
Department's latest update. In that update the Department stated that
it was encouraging its components to ensure that all acquisitions
program information is reported accurately monthly. While we are
encouraged by the Department's actions, this effort does not meet the
full intent of our recommendation.
Chairman McCaul, this concludes my prepared remarks. I would be
happy to answer any questions that you or the Members may have. Thank
you.
Mr. McCaul. Thank you, Mr. Edwards.
I understand we will be voting probably in 15 to 20
minutes. We are going to keep the 5-minute rule very tightly.
The 9/11 Commission basically said that 9/11 was a result of a
failure of imagination. We can imagine many threats out there.
When we have failed programs and we see taxpayer dollars
wasted, that is not only a management issue; it is an issue
that puts the American people more at risk. It is an issue that
prohibits the Department from doing its core mission, and that
is protecting the homeland.
It is not hard to imagine a nuclear threat. When we look at
the situation in Iran with Israel and Iran getting closer to
having a nuclear capability, when we see Iran's relationship
with Venezuela and Cuba, Hezbollah in the Western Hemisphere,
Hezbollah in Mexico, Hezbollah in the United States, and yet we
had a program, a nuclear detection program, the ASP, that
totally failed; $230 million of taxpayer dollars wasted. We had
a program, SBInet, a border security program; $1 billion,
nearly $1 billion, wasted. In the private sector, if that
occurred, people would be held accountable. In the private
sector, a business would be accountable to their shareholders.
They would be accountable to the Federal regulators. They would
be accountable to the Justice Department. Yet here are just two
examples of tremendous failures that in my judgment put the
American people more at risk to a nuclear attack across our
Southwest Border and yet no one was held accountable. There was
no accountability.
It is not just about management; it is about American lives
at stake. So that is how I see this issue. It is an issue of
integration. You have 22 different departments merged into one
giant agency.
Mr. Borras, I know you have a great challenge on your
hands, and you inherited a lot of this, and it is very
difficult to merge 22 agencies. But when they are stovepiped by
acquisition and procurement and they are not integrated, we see
these failures. Again, radiation detection ASP, $230 million of
taxpayer money; SBInet $1 billion. Again, it is not some
glazed-over management issue. This puts American lives at stake
to a nuclear threat that exists, that is real. Not only the
nuclear threat but the border, which coming from the State of
Texas, I view as a tremendous threat to our security. So, with
that, Mr. Borras, if you would explain to me what happened with
the ASP program; what happened, and was anybody held
accountable within the Department?
Mr. Borras. Mr. Chairman, certainly both the SBI program
and the ASP, as well as other programs, were highly informative
certainly to me when I came in. SBInet was initiated in 2006;
ASP shortly thereafter. As we now know, the Secretary called a
halt to the SBI program to take a look at the factors that went
into the cost overruns and the lack of good requirements.
Similarly, with ASP, in April 2011, we had an acquisition
review board meeting where we reviewed the progress and the
lack of success with ASP, and we directed that that program be
ended, the contract not be extended.
What I am saying to you, Mr. Chairman, is that those
programs in the past suffered from the lack of oversight. There
was no mechanism to review, back in 2006-2007, departmental
programs. What we have put in place, which I have described and
my colleagues have acknowledged exist, is now we have a robust
acquisition review process. We are using information-gathering
tools like the DST to be able to now monitor much more closely
the project process and the progress of a program. But it is
not just catching programs when they fail. Because we have to
manage these investments, it is very important that we maintain
the sustainability of a program, so we have to increase its
probability of success while reducing its risk.
So now we have a mechanism, and we have documented over the
last 2 years over 70 instances where we have called programs
before the Department, where they are subject to a
comprehensive review, and as a result of these reviews they
have been given adjustments, modifications, in some programs
like ASP, they have been told to cease. They have been told to
perform other functions to modify their process to improve the
success of those programs. So, Mr. Chairman, I will say to you
that we are far from perfect, but we are much better stewards
of the investment dollars today than we were back in 2006-2007.
Mr. McCaul. Well, I certainly hope so. Was anybody held
accountable for these failures?
Mr. Borras. Both of those programs were initiated certainly
before my time at the Department, so I am not aware or
cognizant of any action that was taken prior to my arrival in
2010.
Mr. McCaul. I just think too often--you know, I was in the
Justice Department for a decade, but I think too often, the
Federal Government, when failures like this are made, nobody is
held accountable. You know, if this was in the private sector
again, a private company, corporation, heads would have rolled
over this thing, and yet I don't see any accountability here. I
mean, I applaud your efforts to transform the agency. You have
a great task in front of you. But it is this accountability
issue that seems to be lacking in my judgment.
Finally, and I have to move on very quickly, but Mr. Maurer
or Mr. Edwards, do you have any thoughts on this issue in terms
of what needs to be done to prevent these failures from
occurring again?
Mr. Maurer. I think the first thing the Department needs to
do is execute the plans that it has already put in place. That
traditionally has been a challenge DHS has faced from the time
it was stood up. They have had plans to address IT and human
capital and acquisition from the time it was created in 2003.
They haven't always executed on those plans. So I think that is
sort of the first thing going forward.
I think the second thing going forward is accountability.
As you correctly point out, Mr. Chairman, it is important to
have accountability and oversight of these on-going efforts,
and we have been working very closely with DHS in this regard
and will continue to do so.
Mr. McCaul. Just very briefly, Mr. Edwards.
Mr. Edwards. The Department has matured the initiative
focusing on keeping the public safe. Most of the resources were
dedicated to that. Now they are focusing on improving
management control standardizing policies, procedures, and
developing systems to integrate. I think this is a huge
monumental task, and the Department is making progress and
moving in the right direction.
Mr. McCaul. Let me just close by saying I think the
Department of Defense had a lot of growing pains. The
Goldwater-Nichols plan, I think, you should be looking at.
Finally, I come from Austin, where there is a lot of
technology. I really think technology can be your best friend
in terms of integration. I do applaud your efforts to bring in
the cloud, where you have the 22 different agencies integrated
through technology. But with use of the cloud, I think that
could really move the Department forward into the right
direction. With that, I now recognize the Ranking Member.
Mr. Keating. Thank you, Mr. Chairman.
We are running out of time, so I will go to what my
prepared questions are.
Mr. Edwards, when you laid out the success of the qualified
audit and you laid out what there should be done, does your
review also look forward in terms of what resources are there,
what the cost of those resources, what the Department doesn't
have at its disposal to do it and what the cost figures were to
do it, instead of just here is the Department's
responsibilities, this is where they have to go? Do you also
say that they don't have the resources available to do this and
what the cost of that would be for the Department to do that?
Mr. Edwards. No, sir, we have not done that. We have just
looked at because the--you know, the number of 22 agencies
coming together with legacy systems.
Mr. Keating. Okay. I just wanted to qualify this. It is
great to say, here is what the Department should do. What I
think we need as well is a better understanding of, where are
they going to get the resources to get this done? I will turn
that to Mr. Maurer, the same thing. When you are reviewing
this, I know that you can turn it back and say, well, that is
your job, Congressman, to give the resources. That being said,
we could use a roadmap here in Congress because these are
issues of security and the safety of the public.
So, Mr. Maurer, do you think that is a better approach to
not only say what is not done, but to say the resources that
are necessary to do it include these kind of resources? Because
doing--we are all doing less--we all are trying to do more with
less resources, but these are issues of National security and,
in the long run, could be cost-effective if we could do a
better job of providing those management resources.
Mr. Maurer. Absolutely. We certainly agree that investing
in management resources is key to the Department's overall
success in achieving its key missions. One of the things that
we are looking at when we assess the various Department plans
for addressing our high risk is their own assessment of the
resources that they say they need to carry out what they plan
to do. We have had some questions along those lines about
whether or not they have the ability to put the resources to
bear to actually execute on these plans.
Mr. Keating. That will lead in, and I am just going to do a
three-part one question because of the time. So, Mr. Borras,
getting right to you, going down the line here, I think the
starting point we all acknowledge for homeland security was a
very difficult one. One quick question and then just react to
the question I ask about resources that are necessary. I am
curious, what you control for all of DHS, how much of that is
under your direct budget, how much isn't?
Mr. Borras. Well, Congressman, the way the budget is
organized the Under Secretary has authority for the good
stewardship of the entire budget spent through the financial,
including the way that we are organized the components have
authority in the way that Congress has set up the funding for
those organizations. They aren't under the control of the
component heads. But as it relates to the resources, and we
have put together plans that show the resource requirements
needed to implement many of these initiatives, I will tell you,
I have tried to be very frugal, very mindful of the financial
state that we currently exist in. I have not asked for any
significant increases in our budget. We are attempting to use,
as the Chairman mentioned, leverage technology, our existing
resources. It is often a challenge because oftentimes, we are
pitted against each other; do we invest in the management
backbone of the Department, or do we invest in the operations
of the Department? Clearly the Secretary has made it clear she
is not going to sacrifice the operations of the Department. So
we are trying to do the best we can with the resources we have
available and leveraging technology.
Mr. Keating. With the focus of today's hearing and coming
years ago from my MBA perspective on things, I honestly think
that we should really look carefully. One of the outcomes of
this hearing should be, are we investing enough in management
resources, so you are not in this situation, well, here is
operations, here is management; we don't have enough to do
both. Well, if you don't have good tools to manage then that
operational budget is not going to be used as efficiently as
possible. So my thinking is, too, that all too often, we just
keep looking at what we have to do to get by, and that is
important in tough times. But we are losing the opportunity to
save money and be more efficient in the long run and to do a
better job and to meet these requirements that Mr. Edwards
talked about, Mr. Maurer talked about, and getting the job
done. Sometimes not investing up front is going to cost you
more down the road, and that that not only is a cost in
dollars; it is a cost in safety. That is what I would like to
see more of a focus upon.
Mr. McCaul. I thank the Ranking Member.
The Chairman now recognizes the gentleman from
Pennsylvania, Mr. Marino.
Mr. Marino. Thank you, Chairman.
Gentlemen, thank you for being here. I do not have any
questions, but I do have a brief statement to make. First of
all, I want to thank you for stepping up to the plate and
assuming these roles and your staff as well. It is an awesome
responsibility. You have thousands and thousands of people just
in the agency alone for whom you are responsible and of course
responsible to the citizens of the United States.
No one forced you to take these positions. What I am tired
of hearing since I have been here the last year and 2 months
is, I inherited a mess, okay. None of you have said that, and I
applaud you for not saying that. But again, you assumed the
responsibility. Now the ball is in your court. You have to make
this agency the best security agency in the world and the most
efficient.
You have an awesome responsibility. But we are going to be
watching. We are going to assist you wherever we are able to do
it, keeping in mind that we have a finite amount of dollars and
an infinite amount of problems. So I leave you with good luck.
If my office or any of us can be of any assistance to you,
please don't hesitate to contact us.
But the next time we are talking, it is your responsibility
now to get this agency where it should be. Thank you.
I yield back my time.
Mr. McCaul. I thank the gentleman for your comments.
I wholeheartedly agree with what you just said. I think too
often, we get into gotcha politics in the Congress. Our sincere
effort is to--this is too important to the American people, the
mission.
So we are here really to help you. Mr. Marino served as
United States attorney for many years, and I was in the Justice
Department for many years. The Ranking Member was a district
attorney. We certainly understand, coming from the Government's
perspective, where you are, and so we do want to help you.
Mr. Marino. Can I just----
Mr. McCaul. I yield to Mr. Marino.
Mr. Marino [continuing]. Qualify it with one thing. No one
forced me to run for Congress either, and I took on this
responsibility. It is mine now; it is ours. So we are sort of
in the same boat. We have a mission to do together.
I yield back. Thank you for yielding.
Mr. McCaul. Well, thanks for your comments.
The Chairman now recognizes the gentleman from Illinois,
Mr. Davis.
Mr. Davis. Thank you.
Thank you very much, Mr. Chairman.
I would certainly echo the last comments made by yourself
and the gentleman from Pennsylvania, but I also note that the
failures that you discussed earlier actually did occur during
the prior administration, and notwithstanding that, it is
difficult to not start where you start and to not deal with
what you have inherited because you have got to deal with that.
So let me ask you Under Secretary, in his written testimony
to this committee on September 8, 2011, Gene Dodaro, the
Comptroller, noted that the Department, and I am quoting now,
``has not yet developed an integrated financial management
system, impacting its ability to have ready access to reliable
information for informed decision making''.
Is it your view that the Department's new approach to its
financial management system will be able to promote informed
decision making, despite its component-by-component approach?
Mr. Borras. Congressman Davis, thank you, again, for your
comment and question. The Department has embarked on a series
of attempts to modernize the financial systems in the
Department; eMerge2 and TASC were two of the very visible ones.
Both of those had as a goal to comprehensively overhaul the
entire financial management apparatus of the Department and put
the Department on a single financial platform. That is a very
expensive, a very complicated, very resource-intensive
undertaking. The approach we have taken now is much more what I
would call modular, much more agile, and much more mindful of
the resources that we have available.
Also, we have to recognize that in the Department, the
components of the Customs and Border Protection, the Secret
Service, and FLETC currently operate certified good-standing
financial systems. There is no reason in my judgment to spend
taxpayer money to modernize three major systems that are
already producing good financial outcomes.
So our approach has been to identify those components that
have the greatest need in terms of either modernizing the
system or upgrading the current system. That is a much more
responsible financial approach. It will take us a little bit
longer, but there is no need to invest in an entire
comprehensive one financial system. So we will fix those that
are in need, and we will tie those systems together, which
using technology is a much more cost-effective way to do it,
rather than build a very big cumbersome system.
Mr. Davis. Thank you very much.
Will each of you quickly respond to the Under Secretary's
comments?
Mr. Maurer. Absolutely. We certainly had a series of
reports over the years talking about the Department's past
failed efforts to modernize the financial systems. I would
certainly agree with the Under Secretary's comments that it is
a difficult, expensive, and complex undertaking.
Having said that, from our perspective, what we are looking
for are the actual outcomes of whatever strategy DHS decides to
take in modernizing its systems. We certainly understand it has
taken a different approach, and we will be watching that
carefully. What we are looking for are actual results and the
ability to provide actionable financial information to help tie
the Department together and allow senior leadership to make
better-informed decisions.
Mr. Davis. Mr. Edwards.
Mr. Edwards. Thank you, Congressman.
I agree with the Under Secretary, they are making lots of
progress. But the Department needs to standardize policies and
procedures and definitions across the Department. It was such a
huge manual lift to get the opinion last year. So as long as
the Department can do this, and we are going to be doing a
review later this month meeting with them on their process
going forward.
Mr. Davis. Thank you very much.
Thank you, Mr. Chairman. I yield back.
Mr. McCaul. I thank the gentleman.
I want to just follow up with a comment about what the
Under Secretary said, and that is leveraging existing
technologies. I talk about that a lot. For instance, you know,
the Department of Defense has great technologies we have used
in Afghanistan and Iraq in terms of sensor surveillance that we
can use on the Southwest Border for instance. But that can
apply to so many different other areas as well. It doesn't make
any sense to have to start from scratch and build it from
within the Department when you can actually leverage existing,
whether it is within the Federal Government or whether it is in
the private sector. The private sector has a lot of great
technology out there that we can leverage. I think in the end,
it is more cost-effective as well.
I appreciate your comments about being frugal because I
think this is a time where we really have to tighten our belts.
We don't like it. I prefer to put more money into the
Department, but we are under very serious budgetary
constraints.
So, with that, I want to thank the witnesses for your
testimony. The hearing record will be open for 10 days. If
Members have additional questions, they may send you those, and
you can respond in writing.
So, with that, this hearing is adjourned.
[Whereupon, at 10:35 a.m., the subcommittee was adjourned.]
A P P E N D I X
----------
Questions Submitted by Chairman Michael T. McCaul for Rafael Borras
Question 1. Recently the Office of Program Accountability and Risk
Management (PARM) was created to implement four new core initiatives:
Streamline program execution and governance processes, establish a
``Centers of Excellence'' to share best practices, increase visibility
of the health of acquisition programs, and advance the development of
the acquisition workforce. What is the status of those four initiatives
and how will they further your efforts to be removed from GAO's high-
risk list?
Answer. As the executive office for program execution, PARM is
responsible for the principal DHS policy for acquisition management,
Acquisition Management Directive (MD) 102-01. PARM is working with
Component Acquisition Executives (CAEs), program managers, and other
stakeholders within DHS to change the construct of MD 102-01 to provide a
functionally structured policy with the flexibility, through an
innovative structure, that enables DHS to streamline and improve the
policy based on stakeholder feedback without needing to re-open the
Department's policy change process for the entire Directive. The new
process will also facilitate development of new guidebooks, addressing
areas such as: Portfolio governance, cost/schedule monitoring, service
contracts, and Quarterly Program Accountability Reports (QPARs).
To advance Centers of Excellence (COE) for Acquisition and Program
Management, PARM supported the formation of eight COEs, which have
begun providing program offices best practices, guidance, and expertise
in their respective disciplines. The COEs are: Cost Estimating &
Analysis COE and Program Management COE (sponsored by PARM);
Accessibility Compliance COE, Enterprise Architecture COE, and
Requirements Engineering COE (sponsored by the Office of Chief
Information Officer); Privacy COE (sponsored by the Privacy Office);
and Systems Engineering COE and Test & Evaluation COE (sponsored by
Science & Technology Directorate). The core team for each COE contains
a dedicated Federal FTE along with voluntary subject matter expert
participation from the components and DHS lines of business. PARM
established a COE Council to provide strategic direction to the COEs,
and a COE Coordinating Office to provide planning and communications
services to the COEs. The Executive Director of PARM chairs the COE
Council. The COE initiative supports the effort to remove DHS from the
GAO high-risk list by building program management capabilities, sharing
best practices across components, and proactively identifying and
addressing program gaps before they become major problems.
DHS is driving a program management paradigm shift to emphasize the
criticality of quality performance data in the decision-making process,
not only during Acquisition Review Boards (ARBs), but between formal
reviews as well.
In addition, PARM launched the Decision Support Tool (DST) in
October 2011, which provides DHS leadership a central dashboard for
assessing and tracking the health of major projects, programs, and
portfolios. DHS uses the DST capability to inform ARBs with
standardized information. Additionally, PARM formed an independent
analytic group to translate DST data and build the knowledge needed for
effective decision making. Moreover, PARM has also produced the
Quarterly Program Accountability Report (QPAR), which is used to
perform a high-level, ``vital signs'' analysis of each major
departmental program (on a quarterly basis) based on 15 criteria. Like
the CASR, the QPAR leverages data from DHS source systems, thus
minimizing time-consuming data calls.
PARM is advancing the professional development of the workforce by
building the Program Management (PM) Corps. PARM collaborates with
Acquisition Workforce/Office of Chief Procurement Officer (OCPO), Lines
of Business Chiefs (CXOs), Component Acquisition Executives (CAEs),
Program Management Offices (PMOs), and the Centers of Excellence (COEs)
for Acquisition and Program Management. To date this has been
accomplished through the development of acquisition courses for
different PM Corps career paths (Program Manager, Cost Estimator),
certifications and analysis of workforce gaps. PARM's focus is to
ensure that adequate numbers of experienced, trained, and certified
professionals are positioned where they are needed most, and to raise
standards of professionalism and performance.
The Under Secretary for Management's Program Management & Execution
Playbook* outlines the core initiatives described above. The Playbook
establishes a vision for program governance and management that
emphasizes critical thinking, problem solving, and program
accountability at all levels.
---------------------------------------------------------------------------
* The document has been retained in committee files.
---------------------------------------------------------------------------
Question 2. You recently released an Acquisition Management
Playbook to place greater emphasis on critical thinking and
accountability for results, rather than merely procedural compliance.
Do you as Under Secretary for Management and Chief Acquisition Officer
have the proper authorities to effectively conduct oversight and manage
all component acquisition programs?
Answer. Yes, the USM and CAO positions currently possess sufficient
authority to oversee all investments, including acquisition programs,
throughout their life cycles. I presently delegate authority to
Component Acquisition Executives (CAEs), the senior-most acquisition
officials within the components. Acquisition Management Directive (MD)
102-01, as well as the Acquisition Playbook, provides the necessary
policy and procedural guidance to inform the acquisition workforce.
Those documents provide the necessary standards to conduct proper
oversight of programs.
Question 3. In order to be successful integrating management
systems across the Department, there needs to be standardization of
definitions and procedures. For example, different components have
different definitions on what is a ``cost estimate'' for an acquisition
program. Without standardization any integrated data would be
inaccurate and useless. What actions have you taken to address these
concerns?
Answer. I recently directed my LOB Chiefs to form a Business
Intelligence/Dashboard Executive Steering Committee (ESC) to address
business intelligence issues, including the standardization of
definitions and procedures. The group's charter identifies data
standardization and a common lexicon as a top priority. The ESC
includes cross-functional representation from across the Department and
will focus first on the Department's acquisition and program management
data terms. This work will be integrated with DHS training, educational
activities, and communications.
All the Acquisition and Program Management Centers of Excellence
will serve as a forum for engaging the acquisition and program
workforce in building a common language and discipline for managing the
Department's major investment programs. An example is the Cost
Estimating and Analysis Center of Excellence (CE&A COE), which is
charged with building the Department's acquisition and program
management capabilities related to cost estimating and analysis. The
CE&A COE developed and published a standard and guidance on cost
estimating for acquisition programs.
Question 4. Many acquisition programs fail as a result of not
having solid and well-defined program requirements.
How will your new initiatives improve the quality of program
requirements at the front end and ensure that DHS doesn't set up
acquisition programs for failure?
Answer. The Department has instituted several changes to improve
the quality of how program requirements are developed early in a
program's life cycle. The principal changes involve the creation of
eight Centers of Excellence (COE) to assist the major acquisition
disciplines in all phases of the life cycle. These COE provide the
program managers with proven practices, tools, standards, and expert
support to mature requirements definition and program management.
The Requirements Engineering COE, Systems Engineering COE, and
Enterprise Architecture COE engage with program managers early in the
life cycle to establish well-defined requirements, traceability, and
configuration management processes for the programs. The Test and
Evaluation COE provides expert support directly to the programs so that
Key Performance Parameters are stabilized early in the life cycle. This
ensures testability and improves the probability that future
developmental and operational tests are successful.
The Cost Estimating & Analysis COE is working to build an organic
capability within program offices to develop Life Cycle Cost Estimates
(LCCE). The CE&A COE is utilizing the GAO publication on cost
estimating to validate program LCCE.
The Program Management COE manages the end-to-end acquisition
processes and provides coaching and mentoring to programs and
components. These include integrated scheduling, organizational
structures, and contracting approaches.
The Privacy COE and Accessibility COE are integrated into the
Systems Engineering processes to establish those requirements with
programs. The technical reviews described in each Systems Engineering
Lifecycle Tailoring Plan ensure that programs are achieving the
requirements associated with these important areas.
Fostering solid business relationships with industry is also an
essential part of improving the quality of program requirements at the
front end. At the DHS Industry Day held in January 2012, I emphasized
the importance of forging the right kind of relationships with industry
so that we get maximum benefit from the investments funded by
taxpayers. All PMs will be required to conduct comprehensive market
research early in the process and document their findings so future
contract reviews can verify that this important step has been
completed. The Senior Procurement Executive is spearheading a process
to encourage early and frequent engagement with industry and site
visits. We have created Component Industry Liaison positions to respond
to industry questions and facilitate more meaningful reaction between
DHS and industry, and I have directed senior managers to improve the
quality of feedback in debriefings, and to enter information into the
Contractor Performance Assessment Reporting System (CPARS).
The Department's effort to place greater emphasis on the ``front-
end'' strategic phase of the acquisition process will ultimately result
in a more informed and accurate procurement forecast.
Question 5. One of your initiatives to better manage acquisitions
is the establishment of the Investment Review Board. How is it
different than the old Acquisition Review Board?
Answer. Plans are underway to expand the functions of the
Acquisition Review Board (ARB) to include emphasis about non-
acquisition ``investments.'' When fully deployed toward the end of
fiscal year 2012, the Investment Review Board (IRB) will focus more on
investments that may include private-sector type information beyond
what is traditionally associated with Government contracts. Examples
might include grants, interagency agreements, leases, and human
capital, which collectively represent approximately 60% of the
Department's total budget. The enhanced IRB is intended to provide a
more holistic view of DHS investments and resources by reviewing the
entire landscape of both acquisition programs and non-acquisition
investments. IRB members will also view the efficiency and
effectiveness of investments and determine whether redundant or poor
performing programs should be cancelled or combined with other programs
to improve the Department's return on investment.
The composition of the governance boards (e.g., IRBs) consists of:
The Under Secretary for Management, Under Secretary for Science and
Technology, Assistant Secretary for Policy, General Counsel, Chief
Financial Officer, Chief Procurement Officer, Chief Information
Officer, Chief Human Capital Officer, Chief Administrative Officer, and
Chief Security Officer, as well as senior component officials.
Question 6. GAO has reported that the various versions of the
Integrated Strategy for High-Risk Management do not consistently
identify the specific resources the Department needs to implement
planned corrective actions, making it difficult to assess the extent to
which DHS has the capacity to implement these actions.
What challenges is DHS facing in identifying the specific resources
needed to implement its planned corrective actions? More specifically,
what are the resources needed? How is the current budget environment
affecting these needs?
Answer. As of February 2012, each LOB Chief has solidified their
resource plans within each Corrective Action Plan (CAP) and identified
a CAP lead to spearhead each initiative. Where practical, the goal of
each Line of Business (LOB) Chief is to furnish dedicated resources,
either through internal DHS employees or contractor support. As
programs mature, LOBs are able to integrate their teams with resources
from other organizations.
Question 7. What are DHS's challenges with integrating its
financial information and systems, what are the plans for overcoming
these challenges, and what are the time frames for achieving reliable,
useful, and timely financial information for Department-wide decision
making on a day-to-day basis?
Answer. One of the most significant challenges faced by DHS is
multiple, disparate financial management systems. Many of the existing
systems are outdated, expensive to maintain and present significant
obstacles to the Department's ability to provide timely, accurate
enterprise-level information. Recognizing this challenge, DHS has
unsuccessfully pursued implementation of a seamlessly integrated
Department-wide financial management system. After several attempts to
acquire a centralized financial information system, the Department has
changed course to focus on a decentralized approach to financial system
modernization while improving Department-wide business process
standardization, implementing a common accounting line, and building
enterprise-wide business intelligence capabilities.
These business intelligence capabilities will provide accurate,
timely, and reliable financial management reporting across the
Department. The approach includes consolidating component financial
data, using data checks and analytics to improve data quality and
better understand trends to improve decision making, and enhancing and
automating financial reporting for the Department, Congress, OMB, and
other key stakeholders.
Business intelligence tools and data standardization will enable
DHS to collect and map data from component systems to report
Department-wide information and decrease our reliance on stand-alone
data calls and data-entry spreadsheets. DHS plans to begin
incrementally building business intelligence capability to report
Department-wide financial information consolidated from component core
financial systems in fiscal year 2012 and plans to continue to develop,
expand, and refine this during fiscal year 2013 and fiscal year 2014.
Question 8. GAO has reported that: (1) Few acquisitions have life-
cycle cost estimates, (2) DHS lacks a sufficient financial management
system, and (3) DHS senior executives are not confident in using
acquisitions' and investments' performance data captured by the
Decision Support Tool.
What is the percentage of DHS acquisitions and investments that
have a validated and DHS-approved life-cycle cost estimate?
Given that DHS cannot document how much it is spending or how much
it actually needs to acquire and maintain its current acquisitions and
investments, how does DHS determine that it can afford the acquisitions
needed to secure the homeland?
What steps is DHS taking to ensure that the Decision Support Tool
accurately captures program performance on a consistent basis?
Answer. I created a Cost Estimating & Analysis Center of Excellence
(CE&A COE) to build the Department's cost estimation capabilities and
to mature the cost estimates of major DHS acquisitions and investments.
The CE&A COE, which is led by the Office of Program Accountability and
Risk Management (PARM), is tasked with providing components and major
program offices best practices, processes, guidance, tools, operating
models, and expert counsel in cost estimating and analysis.
DHS can document how much it is spending. After years of being on
the high-risk list maintained by the Government Accountability Office,
the Department of Homeland Security received its first qualified
opinion on its fiscal year 2011 balance sheet and statement of
custodial activities. Obtaining a qualified opinion is a pivotal step
in increasing transparency and accountability, as well as accurately
accounting for the Department's resources. Moreover, it is a
significant milestone that highlights how significantly financial
management has improved at DHS. This year's audit results provide clear
evidence of continued management improvements at DHS.
In order to make informed investment decisions, DHS directs
components to provide life-cycle cost estimates (LCCEs) in support of
their acquisition programs. A LCCE attempts to identify all the costs
of an acquisition program, from its initiation through disposal of the
resulting system at the end of its useful life. LCCEs are used to
assess whether the investment is affordable within DHS's long-term
funding profile. This affordability is a key consideration during
Investment Review Board deliberations at milestones in the investment
life cycle, and annually as part of Department resource allocation
decision making.
Based on these initiatives, DHS has made progress in getting life
cycle cost estimates approved. We are on track, at a minimum, to double
the number of approved life-cycle cost estimates in fiscal year 2012 over
prior years. DHS currently has 13.3% level 1 LCCEs acquisitions
approved with an anticipation of that to grow to 20% by the end of
fiscal year 2012. We expect to see this incremental progress
continue as the cost estimating community of practice matures within
DHS.
The Department is taking a number of steps to ensure that program
performance data used in the Decision Support Tool (DST) is complete,
accurate, and valid. The DST, which is managed by PARM, pulls data from
existing source systems of record, which are populated directly by the
program offices.
On February 13, 2012, I signed a memorandum on business
intelligence, emphasizing DHS reporting requirements. The memorandum
reminds Component Acquisition Executives (CAEs) and major program
offices of their responsibility to report accurate and complete
acquisition program information in DHS systems of record. To further
encourage accountability, DHS added performance objectives on data
management and reporting to CAE performance plans.
In addition, PARM is creating DST reports to identify any programs
that are not compliant with the reporting requirements. These reports
will document incomplete data fields for each major investment. PARM is
also conducting manual data deficiency reviews on major investments, as
well as continued outreach to DHS stakeholders (workshops, briefings,
and one-on-one communications) to underscore the importance of
reporting compliance. PARM's outreach serves to set expectations that
the Department is using reported performance data to inform Acquisition
Review Boards (ARB), annual and quarterly Comprehensive Acquisition
Status Reports (CASR), Quarterly Program Accountability Reports (QPAR),
as well as day-to-day decisions between formal program reviews.
Question 9. DHS plans to establish a new framework (the Integrated
Investment Life Cycle Model) for managing investments across its
components and management functions. This framework includes creating
new department-level councils to identify priorities and capability
gaps, make resource decisions, and monitor and assess the
implementation of investment decisions.
DHS has had previous department-level resource decision-making
bodies, such as the Joint Requirements Council. What were the
roadblocks for previous department-level resource decision-making
bodies?
What steps is DHS taking to ensure that these new councils are
successful in managing a broad portfolio of mission needs,
acquisitions, and investments?
What is the status of standing up these new decision-making bodies,
specifically the Department Strategy Council, Functional Coordination
Offices, and Capabilities and Requirements Council?
Answer. Since its inception in 2001, the Department has
continuously worked to improve how it manages its multi-billion dollar
investment portfolio. Creating a Joint Requirements Council (JRC) in
2003 was an important achievement to identify cross-cutting
opportunities and leverage common requirements. According to GAO, the
JRC lacked adequate oversight and accountability. I was mindful of this
information when I directed my staff to develop the IILCM, which is
designed to consider a broader range of investment factors.
For example, since my arrival to the Department nearly 2 years ago,
I committed to strengthen all phases of acquisition management. This
includes better cost estimating, deploying business intelligence to
inform key strategy decisions and expanding the responsibilities of the
ARB to have a more holistic view of DHS resources by reviewing both
acquisition programs and non-acquisition investments.
However, before any substantive changes could be made, I concluded
that key structural changes to the way decisions are evaluated and
concluded had to be one of my first steps. While the JRC was an
important forum, it was just one part of the overall landscape. Working
with my counterparts in the components, as well as my direct reports
(e.g., LOB Chiefs), we developed the IILCM. The IILCM is a conceptual
framework to consider the viability of investment decisions, from the
time it is first conceptualized through execution.
In general terms, the IILCM has already been initiated, albeit in a
phased approach given the need to pilot/test the concepts and account
for the challenges of an incrementally funded budget process through
the use of continuing resolutions.
The IILCM concept is multi-dimensional, not linear. Each phase
requires testing and coordination at both the Department and component
levels. Rather than adopting a single, ``big bang'' approach, each
function (e.g., Board/Council) is being ``initiated'' in phases or
segments. Some phases have matured faster than others, especially those
functions that fall within the domain of the Management Directorate
lines of business.
Figure 1 displays the key tenets of the IILCM and provides a multi-
dimensional, inter-related process that ties investments to mission
goals. This model integrates the top mission objectives identified by
the Secretary with the long-standing Planning, Programming, Budgeting,
and Execution process. In addition, it identifies participants and
decision makers from key organizations whose involvement is based, in
part, on their functional responsibility.
[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]
In general terms, the IILCM has already been initiated, albeit in a
phased approach, given the need to pilot/test mission-related concepts
and the challenges posed by an incrementally-funded budget process. The
IILCM is multi-dimensional, not linear. This means that changes or
decisions made by an ARB could, and likely will, have a ripple effect
on earlier stages (e.g., DSC, CRC). For example, Program A may be
determined at the ARB to be underperforming or possess obsolete
technology. As such, the CRC may determine during a trade-off exercise
that to improve the quality and viability of investment decisions.
Questions Submitted by Chairman Michael T. McCaul for David C. Maurer
\1\
---------------------------------------------------------------------------
\1\ [ . . . ]The responses are based on previously issued GAO
products.[ . . . ]See GAO, Department of Homeland Security: Continued
Progress Made Improving and Integrating Management Areas, but More Work
Remains, GAO-12-365T (Washington, DC: Mar. 1, 2012); GAO, Information
Technology: Department of Defense and Energy Need to Address
Potentially Duplicative Investments, GAO-12-241 (Washington, DC: Feb.
17, 2012); GAO, Financial Management Systems: DHS Faces Challenges to
Successfully Consolidating Its Existing Disparate Systems, GAO-10-76
(Washington, DC: Dec. 4, 2009); GAO, Department of Homeland Security:
Billions Invested in Major Programs Lack Appropriate Oversight,
GAO-09-29 (Washington, DC: Nov. 18, 2008); and GAO, Financial Management:
Long-standing Financial Systems Weaknesses Present a Formidable
Challenge, GAO-07-914 (Washington, DC: Aug. 3, 2007).
---------------------------------------------------------------------------
Question 1. Do you believe the President's fiscal year 2013 budget
proposal provides DHS the resources and capacity to make greater
progress removing them from the high-risk list?
Answer. The absence of resource information for many of the
corrective actions DHS identified in its strategy for addressing our
high-risk designation makes it difficult to fully assess the extent to
which the Department has the resources and capacity to implement its
strategy. Without this information, neither DHS nor we can fully assess
the extent to which the Department has the capacity to implement these
actions. Specifically, in its December 2011 Integrated Strategy for
High-Risk Management, DHS did not consistently provide information on
what the specific resource needs are or what additional resources may
be needed to implement the corrective actions--actions intended to move
the Department toward removal from our high-risk list.
Question 2a. For nearly a decade DHS has attempted to modernize and
integrate its financial management systems. As of May 2011, DHS
canceled the Transformation and Systems Consolidation (TASC) program,
its third attempt to integrate financial systems. Now DHS is attempting
to move forward with a new Financial Modernization effort.
Do you have any reservations with their new strategy to enhance its
integration of financial management systems?
Answer. It is too soon to assess DHS's new, decentralized approach
for modernizing its financial management systems because this approach
is in its early stages with many pieces still being defined by the
Department. However, we have previously reported that agencies that do
not have integrated systems, such as DHS, are likely to expend more
time, effort, and resources in compiling routine financial information
and periodic financial statements.\2\ Without any definitive
information on DHS's new approach, it is not clear whether the approach
will result in systems that generate reliable, useful, timely financial
information for day-to-day decision making and agency oversight.
Specifically, as of February 2012, DHS had not identified the Federal
service provider that will be used by the Federal Emergency Management
Agency's financial management system--the first system scheduled for
modernization. Additionally, DHS has not yet identified the specific
approach or necessary resources and time frames for implementing new
systems at U.S. Coast Guard and Immigration and Customs Enforcement--
the next two components identified for modernization.
---------------------------------------------------------------------------
\2\ GAO-07-914.
---------------------------------------------------------------------------
Further, agencies that embark on financial system modernization
projects without having a clear road map increase the risk of cost
overruns, schedule delays, and other project failures. We have
consistently reported that agencies should develop planning documents
that describe, at a high level: (1) How all agency financial systems
would relate to each other, (2) how information would flow from and
through these systems, and (3) which system would be considered the
official system of record for master data.\3\ Further, planning
documents provide a useful tool to explain how financial management
systems at the component and department levels would operate
cohesively. The planning documents should be geared to an agency-wide
solution rather than individual component, stove-piped efforts and
establish mechanisms to monitor program cost, schedule, and
performance. We will continue to monitor DHS's financial management
system modernization efforts.
---------------------------------------------------------------------------
\3\ GAO-10-76.
---------------------------------------------------------------------------
Questions Submitted by Ranking Member William R. Keating for David C.
Maurer
Question 1a. GAO first designated DHS's implementation and
transformation as high-risk in 2003 because of the difficulty of
transforming 22 disparate agencies into one department. In addition,
many of these individual agencies were facing their own management and
mission challenges. But most importantly, the failure to effectively
address DHS's management challenges and program risks could have
serious consequences for our homeland security as well as our economy.
DHS transformation remained on the high-risk list in 2005, 2007, 2009,
and 2011 and GAO is preparing to issue its next high-risk update in
January 2013.
What actions has the Department taken since GAO's 2011 high-risk
update to transform and integrate the Department?
Answer. DHS has taken several actions to implement and transform
the Department in each of the management areas--human capital,
financial management, information technology, and acquisition
management--and management integration as illustrated in the examples
below.
DHS initiated a Senior Executive Service Candidate
Development Program in May 2011 to build its senior leadership
pipeline within the Department.
DHS achieved its goal of receiving a qualified audit opinion
on its consolidated balance sheet in fiscal year 2011 by moving
from a disclaimer of opinion to a qualified audit opinion on
its balance sheet and statement of custodial activity for the
first time since the Department's creation.\4\
---------------------------------------------------------------------------
\4\ A qualified opinion states that, except for the effects of the
matter(s) to which the qualification relates, the audited financial
statements present fairly, in all material respects, the financial
position, results of operations, and cash flows of the entity in
conformity with generally accepted accounting principles. The matter(s)
to which the qualification relates could be due to a scope limitation,
or the audited financial statements containing a material departure
from generally accepted accounting principles, or both. A disclaimer of
opinion states that the auditor does not express an opinion on the
financial statements (e.g., of scope limitations).
---------------------------------------------------------------------------
DHS consolidated six personnel security-related systems into
its Department-wide Integrated Security Management System as
part of its efforts to streamline and consolidate the
Department's human resources investments.\5\
---------------------------------------------------------------------------
\5\ GAO-12-241.
---------------------------------------------------------------------------
In October 2011, DHS established the Office of Program
Accountability and Risk Management (PARM) to enhance its
ability to oversee major acquisition programs--realigning the
acquisition management functions previously performed by two
divisions within the Office of Chief Procurement Officer and
elevating PARM to report directly to the Under Secretary for
Management.
In the management integration area, DHS has promoted
accountability for management integration among Department and
component management chiefs by, among other things, having the
Department chiefs provide written objectives that explicitly
reflect priorities and milestones for that management function
as well as aligning the component chiefs' individual
performance plans to the Department's goals and objectives.
In addition, DHS has continued to update and strengthen its
strategy for addressing our high-risk designation for implementing and
transforming the Department. Specifically, DHS provided updates to its
Integrated Strategy for High-Risk Management in June and December 2011.
These updates identify, among other things, the Department's management
initiatives and corrective actions for addressing its management
challenges. The Department is working on another update to the
strategy, which it expects to provide us in June 2012.
Question 1b. What should be the Department's focus going forward?
Answer. DHS needs to focus on executing its Integrated Strategy for
High-Risk Management and show measurable, sustainable progress in
implementing its management initiatives and corrective actions and
achieving outcomes.
Question 2a. In February 2012, GAO reported that DHS had developed
and started to implement an Integrated Strategy for High-Risk
Management and corrective action plans for acquisition, information
technology, financial, and human capital management functions.
What is GAO's assessment of the plan?
Answer. Overall, we believe that the December 2011 Integrated
Strategy for High-Risk Management positions DHS to address its
management challenges and the implementation and transformation high-
risk area. We identified four areas in which the Department could
strengthen or clarify the strategy to better enable DHS and GAO to
assess the Department's progress: (1) More clearly and consistently
report the resources available to implement corrective actions; (2)
consistently report on DHS's rationale for adding or removing
corrective actions; (3) establish measures and report on progress for
all initiatives; and (4) stabilize the methodology for measuring
progress. By strengthening these four aspects, we believe the December
2011 strategy, if implemented and sustained, provides a path for DHS to
address our high-risk designation.
Question 2b. What actions is DHS taking to implement the Integrated
Strategy?
Answer. DHS is taking actions to implement its Integrated Strategy
in each of the management areas--human capital, financial management,
information technology, acquisition management, and management
integration--as illustrated in our response to question 3a.
Question 2c. Is DHS committed to implementing this strategy,
including dedicating the resources required to fully implement the
corrective actions set forth in the strategy?
Answer. DHS's Secretary and Deputy Secretary and other senior
officials have demonstrated commitment and top leadership support to
implementing the Department's Integrated Strategy for High-Risk
Management. However, it is not always clear whether DHS is dedicating
the resources required to fully implement the corrective actions set
forth in the strategy because the Department has not consistently
identified the resources it needs or met its target completion dates.
Question 3. GAO reported that its prior work has identified
challenges related to acquisition oversight, cost growth, and schedule
delays, including Departmental concerns about the accuracy of cost
estimates for some of DHS's major programs.
What progress has DHS made in establishing an oversight body to
inform high-level trade-off decisions about its acquisition programs?
Answer. DHS has made some progress overseeing individual
acquisition programs, but does not have a high-level, decision-making
body for considering trade-offs across its entire portfolio of
investments. In 2003, DHS established the Joint Requirements Council
(JRC) to identify cross-cutting opportunities and common requirements
among DHS components, and help determine how DHS should use its
resources. When it met regularly, the JRC played a key role in
identifying several examples of overlapping investments, including
passenger screening programs. During 2006, the JRC stopped meeting
after the chair was assigned to other duties within the Department. In
2008, DHS representatives recognized that strengthening the JRC was a
top priority, and we recommended that DHS reinstate it or establish
another joint requirements oversight board.\6\
---------------------------------------------------------------------------
\6\ GAO-09-29.
---------------------------------------------------------------------------
In September 2010 we identified and provided to DHS 31 actions and
outcomes that are critical to addressing the challenges within the
Department's management areas and in integrating those functions across
the Department. Among these actions and outcomes, we reiterated the
need to create a joint requirements oversight board, and in response,
DHS stated that it would establish an executive decision structure--
presented as the Integrated Investment Life Cycle Model (IILCM)--to
prioritize capabilities and requirements across components by the end
of fiscal year 2011. As part of this proposed structure, a
``Capabilities and Requirements Council'' would consider trade-off
decisions across DHS's portfolio of investments. However, in the
December 2011 version of the Department's Integrated Strategy for High-
Risk Management, DHS reported that the IILCM will not begin operations
until the end of fiscal year 2012.
DHS has operated an Acquisition Review Board--recently renamed the
Investment Review Board--since 2008, and this board has instructed
individual programs to identify alternative acquisition approaches,
reconsider requirements, and pursue cost-saving efforts. The board has
also instructed individual programs to produce summaries of related
activities within DHS and the Department of Defense. However, DHS
continues to operate without an oversight board, similar to the JRC,
responsible for considering trade-offs across its entire portfolio of
investments.
Questions Submitted by Chairman Michael T. McCaul for Charles K.
Edwards
Question 1a. DHS has stated, ``The Department has not ensured or
mandated that components use all available acquisition tools and best
practices guidance to provide transparency and efficiency.''
Do components knowingly choose not to use these ``best practice''
acquisition tools for support? Or, are they not aware that these tools
even exist?
Answer. The Department has generally made progress in its
acquisition oversight processes and controls through implementation of
a revised acquisition management directive. However, the Department did
not ensure that components were using all acquisition tools available
and that all components had adequate policies and procedures in place
to manage acquisition programs. As we reported this past year, the
Department had not ensured or mandated that components use all
available tools and supporting programs, including the next-generation
Periodic Reporting System (nPRS) and the Department's Strategic
Sourcing Program Office (SSPO), to provide transparency and efficiency
of component acquisition programs. Some components developed systems
comparable to nPRS and may have awarded contracts without consideration
of the SSPO. As a result, the Department did not have complete
visibility of all programs within its acquisition portfolio.
Question 1b. What needs to be done to ensure that these new Centers
of Excellence to share tools and best practices will be successful?
Answer. The Department's Acquisition Program Management Division
recently reorganized to become the Office of Program Accountability and
Risk Management (PARM) on October 1, 2011 under a Centers of Excellence
model. The Department has not taken steps to ensure that all components
have developed prescribed policies and procedures for oversight of
acquisition programs. Directive 102-01 states that components retain
the authority to set internal acquisition processes and procedures, as
long as they are consistent with the spirit and intent of the
directive. However, not all components have created such policies and
procedures, and the Department has not taken steps to ensure the
adequacy of the processes and procedures that components developed. We
recommended that DHS implement a plan of action for Department-wide
finalization of acquisition management policies and procedures. The DHS
Under Secretary for Management addressed the desire for each component
to have a Component Acquisition Executive to lead a process and staff
to provide acquisition and procurement oversight, policy, and guidance
to ensure that statutory, regulatory, and higher-level policy
requirements are fulfilled. This is a good start. However, PARM needs
to effectively implement their Centers of Excellence model, and
aggressively work with Component Acquisition Executives if they are to
ensure their Centers of Excellence model successfully shares tools and
best practices.
Questions Submitted by Ranking Member William R. Keating for Charles K.
Edwards
Question 1. The latest version of the OIG's annual report on major
management challenges facing the Department states that the
Department's financial management reporting ``has achieved a
significant milestone. For fiscal year 2011, the Department was able to
produce an auditable balance sheet and statement of custodial activity;
and the independent auditors rendered a qualified opinion on those
statements.''
Please discuss the importance of this achievement by the Department
relative to the scope of the financial management challenges it faces?
Answer. DHS' achievement of a qualified opinion on its balance
sheet and statement of custodial activity in fiscal year 2011 is
important because it shows that DHS is improving controls over the
financial administration of its programs and operations.
However, the independent auditor noted that DHS' financial
information technology (IT) infrastructure is aging and found financial
system functionality limitations at all of the significant DHS
components. As a result, some components are forced to use extensive
inefficient manual processes and workarounds to process reports and
report financial data. In addition, weaknesses in the general control
environment are interfering with more extensive use of IT application
controls needed to improve efficiencies in operations and reliability
of financial information. Until DHS modernizes its aging financial
systems and IT controls and systems, functionality limitations will
continue to be a major factor contributing to DHS financial management
challenges.
Question 2a. Improving the acquisition workforce has been noted as
a key acquisition management priority at the Department. Recently, the
Department added acquisition workforce development as a management
initiative.
What progress has the Department made in building and sustaining a
sufficient, capable, and properly trained workforce to support its
acquisition portfolio?
Answer. DHS made progress in the recruitment and retention of a
workforce capable of managing a complex acquisition program. The number
of procurement staff has more than doubled since 2005. In addition,
participation in the Acquisition Professional Career Program, which
seeks to develop acquisition leaders, increased 62% from 2008 to 2010.
Nevertheless, DHS continues to face acquisition workforce challenges
across DHS. For example:
GAO reported that the United States Coast Guard (Coast
Guard) reduced its acquisition workforce vacancies from
approximately 20 percent to 13 percent. According to its August
2010 human-capital staffing study, program managers reported
concerns with staffing adequacy in program management and
technical areas. To make up for shortfalls in hiring systems
engineers and other acquisition workforce positions for its
major programs, the Coast Guard uses support contractors, which
constituted 25 percent of its acquisition workforce as of
November 2010.
Acquisition staff turnover in FEMA has exacerbated file
maintenance problems and resulted in multimillion-dollar
contracts not being managed effectively or consistently. One of
FEMA's challenges is hiring experienced contracting officers to
work at disasters. The majority of FEMA staff at a disaster
site work on an on-call, intermittent basis.
Question 2b. Please explain the current shortfalls of the
Department's acquisition workforce and how the Office of Program
Accountability and Risk Management is addressing these shortfalls.
Answer. In its March 2010 Acquisition Human Capital Plan, DHS
defined acquisition workforce as ``contracting specialists/officers,
program managers, and contracting officer's technical
representatives.'' The Plan says that one of the hardest-to-fill
occupational series within the Federal Government is the 1102
contracting series (contract specialist) and focuses on attracting and
maintaining 1102s.
The Plan projected that DHS needed to annually increase the number
of 1102s by 5% each year to maintain a workforce that keeps pace with
projected workload. From a presumed adequate base of 1,326 at the end
of fiscal year 2009, DHS estimated that it will need 299 more 1102s by
the end of fiscal year 2014. In the March 2011 Plan update, DHS
reported that it will continue to expand the acquisition workforce
through the acquisition certification programs, acquisition
professional career program, and centralized acquisition training
program. The Plan update also identified new initiatives that will
allow DHS to capture certification and training records of the
acquisition workforce and develop a staffing tool to determine optimal
1102 staffing levels relative to workload volume and complexity.
In response to OIG and GAO recommendations, the DHS Under Secretary
for Management restructured oversight of all major acquisition programs
in fiscal year 2011. A key part of this restructuring was the elevation
of the Program Accountability and Risk Management (PARM) Office to be a
direct report to him. The PARM Office was designed to: (1) Manage,
implement, and guide DHS managers of major investments through the
acquisition governance process, (2) provide independent assessments of
major investment programs, (3) work with DHS partners to enhance
business intelligence to inform Acquisition Review Board decisions, and
(4) monitor programs between formal reviews to identify any emerging
issues that DHS needs to address to keep the programs on track.
We have not yet reviewed the new PARM initiative and what effect it
may have on the acquisition workforce. However, if fully implemented
and sustained, we believe this program is a good approach toward more
effective acquisition management at DHS.
Question 3. In the current fiscal environment of doing more with
less, are the Department's efforts to develop a better acquisition
workforce reasonable (i.e., affordable and practical)?
Answer. DHS has taken action to implement and transform its
acquisition workforce, but like many Federal agencies it still faces
challenges recruiting and retaining quality staff. Rebuilding the
Federal acquisition capability represents a sensible investment where
money spent on hiring and training should pay off in terms of improved
contracting and a reduction in waste and fraud. While progress is being
made, much remains to be accomplished before procurements are managed
effectively. Almost every contracting challenge facing DHS--in
particular, poor acquisition planning, unjustified sole-source
contracts and inadequate oversight of contractors--can be traced back
to the Federal Government's failure, beginning in the early 1990's, to
invest in the Federal acquisition workforce.
While the size of the acquisition staff is important, ultimately,
it is the quality of the workforce that determines the quality of
acquisition outcomes. To be successful, as DHS finishes their capacity-
building initiative, it will need to focus attention on:
developing ways to deal with the acquisition
``sustainability question'' to retain interns and new hires for
more than just a few years;
improving the capability of the acquisition workforce that
they currently have, which includes training, right-sizing, and
right-shaping the workforce;
becoming ``One DHS'' focused on establishing a cohesive,
efficient, and effective organization; and
enhancing and integrating acquisition processes and
technology.
Question 4a. The DHS OIG continues to report a material weakness
related to information technology security and has identified
information security as a major management challenge. In the December
2011 Integrated Strategy for High-Risk Management, the Department
reports that it mostly addressed information technology security.
What specific steps is the Department taking to strengthen its
information technology security and to address the weakness identified
by the Office of Inspector General?
Answer. For the DHS Annual Financial Statement, KPMG continues to
identify a material weakness in the area of Information Security.
During the fiscal year 2011 financial statement audit, DHS did show
some improvements toward strengthening its information technology
security. The drivers for the material weakness in information
technology during fiscal year 2011 were the Coast Guard and FEMA.
Specific steps that the Coast Guard, FEMA, and the remainder of the
Department have taken to strengthen information technology are:
For Coast Guard:
During the fiscal year 2011 audit, Coast Guard took corrective
action to address nearly half of the prior year IT control
weaknesses. Coast Guard made improvements by strengthening its
system security settings over some of its systems located at
the Operations Systems Center (OSC), Aviation Logistics Center
(ALC), and USCG Finance Center; strengthening controls over
audit log reviews at ALC; and improving data center controls at
OSC and ALC.
Coast Guard took actions to improve aspects of its system
password settings, data center physical security, and scanning
for system vulnerabilities.
For FEMA:
FEMA made improvements over implementing certain logical
controls over FEMA and National Flood Insurance Program
information systems, as well as development and implementation
of controls around patch management and vulnerability
management.
FEMA made improvements in IT entity-level controls,
including those related to incident response and handling,
contractor management, and IT investment life-cycle management.
Question 4b. What are some key indicators of success that
weaknesses have either been mitigated or corrected by the Department?
Answer. Key indicators that we feel show that the Department is
successfully mitigating or correcting the material weakness:
The number of prior-year IT audit findings for the
Department as a whole has decreased.
There have been fewer new IT issues identified at the
Department this past audit year. This is due to the increased
focus of the components on remediating the prior-year issues
and beginning to identify the root causes of the system-related
issues.