Information Technology
Homeland Security Should Better Balance Need for System Integration Strategy with Spending for New and Enhanced Systems Gao ID: GAO-04-509 May 21, 2004The Department of Homeland Security (DHS) faces the daunting task of bringing together 22 diverse agencies to lead efforts to protect the homeland. Among the challenges posed by this transformation is integrating these agencies' diverse information technology (IT) systems: mission support, administration, and infrastructure (e.g., networks). GAO was asked to determine (1) whether DHS has defined its IT systems integration strategy and (2) how DHS is ensuring that IT investments made by component agencies (specifically focusing on the Federal Emergency Management Agency, the Transportation Security Administration, and the Coast Guard) are aligned with the department's strategic direction.
DHS is developing an IT systems integration strategy through its ongoing efforts to finalize and implement an IT strategic plan, an enterprise architecture, and IT capital planning and investment control processes. According to the department, these three elements--which are essential parts of a framework for achieving effective systems integration--are areas of focus and planned to be fully in place before the end of 2004. The DHS Chief Information Officer (CIO) attributed the limited progress on the systems integration framework to date to (1) insufficient staffing, (2) higher priority demands (such as establishing a departmentwide e-mail system), and (3) near-term high-payoff opportunities (such as consolidating wireless communication capabilities). In the interim, DHS and its components have taken steps intended to promote the alignment of its components' ongoing and planned IT investments with the department's strategic direction. The steps include (1) subjecting major investments to review and approval by various departmental investment review boards, (2) continuing to have component agencies follow the IT strategic management structures and processes that they had before the department was formed, and (3) having meetings between component staff responsible for IT investments and staff working on the department's IT strategic management framework. GAO corroborated the department's use of this approach through analysis of IT investments being pursued by three DHS components, which the components indicated were representative of their general approach to aligning investments with the department's evolving strategic direction. While these steps have merit, they do not provide adequate assurance of strategic alignment across the department. For example, the second step simply continues the various approaches that produced the diverse systems that the department inherited, while the third relies too heavily on oral communication about complex IT strategic issues that are not yet fully defined--which increases the chances of misunderstanding and missed opportunities for integration. Moreover, the DHS CIO does not have authority and control over departmentwide IT spending--although such control is important for effective systems integration, as shown by GAO's research on successful private and public sector organizations and experience at federal agencies. Until its IT strategic framework is fully defined and effectively implemented, DHS runs the risk that the component agencies' ongoing investments--collectively costing billions of dollars in fiscal year 2004--will need to be reworked in the future, so that they can be effectively integrated and provide maximum value across DHS.
RecommendationsOur recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.
Director: Team: Phone:GAO-04-509, Information Technology: Homeland Security Should Better Balance Need for System Integration Strategy with Spending for New and Enhanced Systems
This is the accessible text file for GAO report number GAO-04-509
entitled 'Information Technology: Homeland Security Should Better
Balance Need for System Integration Strategy with Spending for New and
Enhanced Systems' which was released on May 21, 2004.
This text file was formatted by the U.S. General Accounting Office
(GAO) to be accessible to users with visual impairments, as part of a
longer term project to improve GAO products' accessibility. Every
attempt has been made to maintain the structural and data integrity of
the original printed product. Accessibility features, such as text
descriptions of tables, consecutively numbered footnotes placed at the
end of the file, and the text of agency comment letters, are provided
but may not exactly duplicate the presentation or format of the printed
version. The portable document format (PDF) file is an exact electronic
replica of the printed version. We welcome your feedback. Please E-mail
your comments regarding the contents or accessibility features of this
document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
Report to the Chairman, Committee on Transportation and Infrastructure,
House of Representatives:
May 2004:
INFORMATION TECHNOLOGY:
Homeland Security Should Better Balance Need for System Integration
Strategy with Spending for New and Enhanced Systems:
GAO-04-509:
GAO Highlights:
Highlights of GAO-04-509, a report to the Chairman, Committee on
Transportation and Infrastructure, House of Representatives
Why GAO Did This Study:
The Department of Homeland Security (DHS) faces the daunting task of
bringing together 22 diverse agencies to lead efforts to protect the
homeland. Among the challenges posed by this transformation is
integrating these agencies‘ diverse information technology (IT)
systems: mission support, administration, and infrastructure (e.g.,
networks). GAO was asked to determine (1) whether DHS has defined its
IT systems integration strategy and (2) how DHS is ensuring that IT
investments made by component agencies (specifically focusing on the
Federal Emergency Management Agency, the Transportation Security
Administration, and the Coast Guard) are aligned with the department‘s
strategic direction.
What GAO Found:
DHS is developing an IT systems integration strategy through its
ongoing efforts to finalize and implement an IT strategic plan, an
enterprise architecture, and IT capital planning and investment control
processes. According to the department, these three elements”which are
essential parts of a framework for achieving effective systems
integration”are areas of focus and planned to be fully in place before
the end of 2004. The DHS Chief Information Officer (CIO) attributed the
limited progress on the systems integration framework to date to (1)
insufficient staffing, (2) higher priority demands (such as
establishing a departmentwide e mail system), and (3) near-term high-
payoff opportunities (such as consolidating wireless communication
capabilities).
In the interim, DHS and its components have taken steps intended to
promote the alignment of its components‘ ongoing and planned IT
investments with the department‘s strategic direction. The steps
include (1) subjecting major investments to review and approval by
various departmental investment review boards, (2) continuing to have
component agencies follow the IT strategic management structures and
processes that they had before the department was formed, and (3)
having meetings between component staff responsible for IT investments
and staff working on the department‘s IT strategic management
framework. GAO corroborated the department‘s use of this approach
through analysis of IT investments being pursued by three DHS
components, which the components indicated were representative of their
general approach to aligning investments with the department‘s evolving
strategic direction.
While these steps have merit, they do not provide adequate assurance of
strategic alignment across the department. For example, the second step
simply continues the various approaches that produced the diverse
systems that the department inherited, while the third relies too
heavily on oral communication about complex IT strategic issues that
are not yet fully defined”which increases the chances of
misunderstanding and missed opportunities for integration. Moreover,
the DHS CIO does not have authority and control over departmentwide IT
spending”although such control is important for effective systems
integration, as shown by GAO‘s research on successful private and
public sector organizations and experience at federal agencies. Until
its IT strategic framework is fully defined and effectively
implemented, DHS runs the risk that the component agencies‘ ongoing
investments”collectively costing billions of dollars in fiscal year
2004”will need to be reworked in the future, so that they can be
effectively integrated and provide maximum value across DHS.
What GAO Recommends:
GAO is making recommendations to the Secretary aimed at limiting the
department‘s investment in IT systems until the department‘s IT
strategic management framework is sufficiently defined and the
department‘s CIO has sufficient authority to effectively implement
it.
GAO provided a draft of this report to DHS for comment. In its
comments, DHS did not agree or disagree with our findings, conclusions,
or recommendations. Rather, the comments provided information on DHS‘s
IT challenges and priorities that is consistent with our report.
[End of section]
Contents:
Letter:
Results in Brief:
Background:
DHS Is in the Process of Defining Its Systems Integration Strategy:
DHS's Interim Steps to Reduce Risk of Rework for Ongoing IT Investments
Are Not Sufficient:
Conclusions:
Recommendations for Executive Action:
Agency Comments and Our Evaluation:
Appendixes:
Appendix I: Scope and Methodology:
Appendix II: Strategic Information Technology Management Framework
Components:
Appendix III: Comments from the Department of Homeland Security:
Appendix IV: GAO Contact and Staff Acknowledgments:
GAO Contact:
Acknowledgments:
Figures:
Figure 1: Simplified DHS Organization Chart:
Abbreviations:
CIO: Chief Information Officer:
DHS: Department of Homeland Security:
FEMA: Federal Emergency Management Agency:
IT: information technology:
OMB: Office of Management and Budget:
TSA: Transportation Security Administration:
Letter May 21, 2004:
The Honorable Don Young:
Chairman, Committee on Transportation and Infrastructure:
House of Representatives:
Dear Mr. Chairman:
When the Department of Homeland Security (DHS) began operations in
March 2003, it faced the daunting task of bringing together 22 diverse
agencies. Not since the creation of the Department of Defense had the
federal government undertaken a transformation of this magnitude. As we
previously reported,[Footnote 1] such a transformation poses
significant management and leadership challenges, one of which is
integrating the 22 agencies' respective mission support,
administrative, and infrastructure (e.g., networks) information
technology (IT) systems.
In response to your request to review this system integration
challenge, we agreed with your office to determine (1) whether DHS has
defined its systems integration strategy and (2) how DHS is ensuring
that component agency system investments are aligned with the
department's strategic direction. In performing our work on the second
objective, as you requested, we focused on three DHS component
agencies: the Federal Emergency Management Agency, the Transportation
Security Administration, and the Coast Guard. Our work at DHS and
component agencies was performed in accordance with generally accepted
government auditing standards. Details of our scope and methodology are
in appendix I.
Results in Brief:
DHS is in the process of defining its systems integration strategy. The
department has several efforts under way: finalizing a draft IT
strategic plan, institutionalizing its recently revised IT capital
planning and investment control processes, and developing the next
version of its enterprise architecture.[Footnote 2] DHS initiated these
efforts shortly after it began operations, and it plans to have them
fully in place before the end of 2004. If defined and implemented
properly, these efforts could go a long way toward providing the
necessary strategic IT management framework for, among other things,
integrating DHS's current and future systems and aligning them with the
department's strategic goals and mission. According to DHS's Chief
Information Officer (CIO), who is responsible for leading these
efforts, progress to date on the systems integration strategy has been
impeded by (1) insufficient staffing; (2) higher priority demands, such
as establishing a departmentwide e-mail system; and (3) near-term,
high-payoff opportunities, such as consolidating wireless
communication capabilities. Nevertheless, the CIO stated that
completing DHS's strategic IT management framework is important and an
area of focus in 2004 because the longer the department's component
organizations continue to invest in systems without such an effectively
implemented framework, the greater the risk that these component
systems will later require costly rework to integrate.
Until the framework has been completed, DHS is taking interim steps
that are intended to address ongoing and planned component IT
investments' integration and alignment with the evolving framework.
These steps include (1) departmental assessment and approval of certain
major investments, (2) component agencies' continued use of the same
strategic IT management structures and processes that they had before
the department was formed, and (3) meetings between persons in these
components who are responsible for ongoing and planned IT investments
and those persons who are putting in place the department's strategic
IT management framework. While these steps have merit, they do not
provide adequate assurance of strategic alignment across the
department, and thus the risk is increased that the component agencies'
ongoing investments, collectively costing billions of dollars in fiscal
year 2004, will need to be reworked at some future point to be
effectively integrated and maximize departmentwide value. For example,
the second step continues reliance on the components' various
approaches that produced the diverse set of systems that the department
inherited, while the third relies too heavily on oral communication
about strategic contexts and frames of reference that have not yet been
fully defined, thus increasing the chances of both misunderstanding and
missed integration opportunities. Moreover, they do not provide the
department's CIO with the level of IT spending authority and control
that our research at leading organizations and past work at federal
departments and agencies has shown is important for effective
integration of systems across organizational components.
To help DHS better manage the risks that it faces, we are making
recommendations to the Secretary aimed at limiting the department's
near-term investment in new and existing IT systems until the
department's strategic IT management framework is sufficiently defined
and the department's CIO has sufficient authority to effectively
implement it. Examples of our recommended areas of near-term investment
are cost-effective efforts that are congressionally directed, take
advantage of relatively small, low-risk opportunities to leverage
technology in satisfying a compelling homeland security need, or
support operations and maintenance of existing systems critical to
DHS's mission.
In commenting on a draft of this report, DHS did not agree or disagree
with our findings, conclusions, or recommendations. Rather, the
department described DHS's IT challenges and priorities and provided
documentation on them, including efforts to achieve its priorities. The
information conveyed in DHS's comments is consistent with information
obtained during our review that showed progress and plans for
institutionalizing the department's strategic IT management framework.
Background:
In the aftermath of the terrorist attacks of September 11, 2001,
responding to potential and real threats to homeland security became
one of the federal government's most significant challenges. To address
this challenge, the Congress passed, and the President signed, the
Homeland Security Act of 2002, which merged 22 federal agencies and
organizations into DHS, making it the third largest federal department,
with an annual budget of about $40 billion.[Footnote 3] As we
previously reported,[Footnote 4] one of the department's key challenges
will be integrating the 22 components' respective IT organizations and
the approximately 700 mission support, administrative, and
infrastructure IT systems.
DHS Mission and Organization:
In establishing the new department, the Congress defined a seven-point
mission for DHS:
* prevent terrorist attacks within the United States;
* reduce the vulnerability of the United States to terrorism;
* minimize the damage and assist in the recovery from terrorist
attacks;
* carry out all functions of entities transferred to the department,
including acting as a focal point regarding natural and man-made crises
and emergency planning;
* ensure that the functions of the components within the department
that are not directly related to securing the homeland are not
diminished or neglected;
* ensure that the overall economic security of the United States is not
diminished by efforts aimed at securing the homeland; and:
* monitor connections between illegal drug trafficking and terrorism,
coordinate efforts to sever such connections, and otherwise contribute
to efforts to interdict illegal drug trafficking.
To help accomplish this integrated homeland security mission, the
various mission areas and associated programs of 22 federal agencies
were merged, in whole or in part, into DHS. The department's
organizational structure generally consists of eight major entities,
the U.S. Secret Service, the U.S. Coast Guard, the Bureau of
Citizenship and Immigration Services, and five directorates--Border and
Transportation Security, Emergency Preparedness and Response, Science
and Technology, Information Analysis and Infrastructure Protection, and
Management (see fig. 1).
Figure 1: Simplified DHS Organization Chart:
[See PDF for image]
[End of figure]
Within the Management Directorate is the DHS Office of the CIO, which
is assigned primary responsibility for addressing departmentwide system
integration issues. According to the CIO, this office is responsible
for, among other things, developing and facilitating the implementation
of such integration enablers as the department's IT strategic plan, key
aspects of the IT investment management process, and enterprise
architecture. (Each of these three system integration enablers is
discussed in greater detail in app. II.) According to the CIO, his
office was authorized 65 positions[Footnote 5] and provided $245
million in funding for fiscal year 2004.[Footnote 6]
DHS Predecessor Agencies and Programs Have Varying Characteristics:
The 22 agencies and agency components that were merged into DHS vary in
a number of ways, including their time in existence, size, and mission
focus, the latter ranging from law enforcement and border security to
biological research, computer security, and disaster mitigation. The
Federal Emergency Management Agency (FEMA), the Transportation Security
Administration (TSA), and the U.S. Coast Guard illustrate this variety:
* FEMA: This agency was formed about 25 years ago to consolidate
emergency and disaster relief functions that were spread across several
federal agencies. FEMA's mission is to help the United States prepare
for, prevent, respond to, and recover from disasters. FEMA, which is
now in DHS's Emergency Preparedness and Response directorate, has about
2,500 full-time employees, an additional 5,000 stand-by disaster
reservists, and an annual operating budget of about $4.8 billion.
* TSA: This agency was established about 2½ years ago as part of the
U.S. Department of Transportation in response to the September 11
terrorist attacks. TSA's mission includes ensuring safety in civil
aviation and at airports through screening, intelligence, education,
and regulation. Now in DHS's Border and Transportation Security
directorate, TSA has about 53,000 employees and an annual operating
budget of about $5.3 billion.
* Coast Guard: This agency was established over 200 years ago, and in
time of war is under the direction of the Department of the Navy. The
Coast Guard's mission is to protect the public, the environment, and
U.S. economic and security interests in international waters and
America's coasts, ports, and inland waterways. The Coast Guard, which
is an agency that reports directly to the DHS Secretary, has
approximately 39,000 full-time military personnel, 6,000 full-time
permanent civilian employees, and an operating budget of about $7.5
billion.
Each of the 22 agencies or agency components also brought with it its
individual IT management organization. In particular, FEMA, TSA, and
the Coast Guard each have CIO organizations to perform IT management
functions, such as investment management, information security, and
enterprise architecture. According to FEMA, its CIO organization has
about 262 permanent employees and approximately 70 temporary (disaster-
related) employees. TSA reports that its CIO organization has roughly
145 employees. The Coast Guard reports that its CIO organization has
approximately 140 employees. Collectively, these three CIO
organizations account for about 600 authorized positions and control
about $3.6 billion in fiscal year 2004 IT budget and spending.
Integrating 22 Component Organizations' Numerous and Diverse IT Systems
Poses a Formidable Challenge:
In addition to the aforementioned differences among the 22 agencies and
agency components, the 22 agencies also brought their respective IT
systems. DHS inherited about 700 of these systems, and, according to
the DHS CIO, the department has categorized them into three groups:
direct mission support, back office, and infrastructure. In fiscal year
2004, DHS requested about $4.1 billion--the third largest IT budget in
the federal government[Footnote 7]--to manage these systems, including
operating and maintaining existing systems and acquiring new systems
that were being initiated or were under way within the 22 agencies and
agency components before the department was formed. Examples of new
system investments include the following in the Border and
Transportation Security directorate:
* Integrated Surveillance Intelligence System: This system is to
provide full-time border coverage through ground-based sensors, fixed
cameras, and computer-aided detection capabilities. For fiscal year
2004, funding for the system is about $55.7 million. The life-cycle
cost for the system is estimated to be about $1.17 billion.
* Computer Assisted Passenger Prescreening System II: This system,
better known as CAPPS II, is to identify airline passengers requiring
additional security attention. For fiscal year 2004, funding for the
system is about $45 million. The life-cycle cost of the system through
fiscal year 2008 is estimated to be about $380 million.[Footnote 8]
* Automated Commercial Environment: This system, also known as ACE, is
to be a new trade processing system that is planned to support
effective and efficient movement of goods into the United States. For
fiscal year 2004, funding for the system is about $318.7 million. The
life-cycle cost of the system is estimated to be about $1.5
billion.[Footnote 9]
* United States Visitor and Immigrant Status Indicator Technology: This
system, commonly called US-VISIT, is to strengthen management of the
pre-entry, entry, status, and exit of foreign nationals who travel to
the United States. For fiscal year 2004, funding for US-VISIT is about
$330 million. The department did not provide us with an estimated life-
cycle cost for the system.[Footnote 10]
Control over the department's IT budget is vested primarily with the
CIO organizations within each of its component organizations. These
component CIO organizations are accountable to the heads of DHS's
respective organizational components. For example, the CIO for the
Bureau of Customs and Border Protection, which is a component of the
Border and Transportation Security directorate, reports to the
Commissioner of Customs and Border Protection, not to the DHS CIO.
To maximize its mission performance, DHS faces the enormous task of
integrating and consolidating its roughly 700 systems. This includes
exploiting opportunities to eliminate and consolidate systems in order
to improve mission support and reduce system costs. As we recently
reported,[Footnote 11] OMB, before DHS's formation, reviewed the IT
investments within the department's predecessor agencies and agency
components to identify, among other things, whether savings could be
realized through integration and consolidation. In July 2002, OMB
reported that 2-year savings of between $165 million and $285 million
could be possible through consolidation of the components' IT
investments in infrastructure and business systems alone. OMB also
acknowledged that at the time of its review, the anticipated budgetary
savings had not yet occurred, and for that reason, it assigned DHS
responsibility for executing the consolidations and tracking savings
when they are realized. Accordingly, we recommended, among other
things, that DHS periodically report to its congressional committees
the budgetary savings that result from department consolidation and
integration efforts.
DHS Is in the Process of Defining Its Systems Integration Strategy:
Our research on successful public and private sector organizations and
our experience in reviewing the management of agency integration
efforts shows that those entities that were successful in such
integration relied on effective strategic IT management frameworks to
guide their efforts, including developing IT strategic plans,
implementing effective IT investment management and decision-making
practices, and developing and enforcing an enterprise
architecture.[Footnote 12] Moreover, we have previously reported that
the effective integration of new and existing IT systems is a critical
success factor for DHS because this integration is a means to (1) more
efficient operations, through, for example, elimination of system
redundancies and overlap, and (2) more effective operations, through,
for example, increased information sharing within DHS and between it
and other agencies involved in homeland security (e.g., the Federal
Bureau of Investigation and the Central Intelligence Agency).[Footnote
13] The tenets of developing and using a strategic management framework
are described in our prior research on best practices in private-sector
firms and government organizations[Footnote 14] and are called for in
federal IT management laws and guidance, such as the Clinger-Cohen
Act[Footnote 15] and OMB Circular No. A-130.[Footnote 16] Jointly, the
act and circular direct federal agencies to develop and implement
systems integration strategies through a comprehensive strategic IT
management framework that, among other things, includes:
* developing and implementing an IT strategic plan that defines how IT
will be managed to support agency missions;
* establishing and implementing an IT investment management process
that is linked to budget formulation and execution, and provides for
continuous and informed investment decision-making based on the
relative costs, benefits, and risks of competing investment options;
and:
* developing and implementing an enterprise architecture that describes
the current and future operational and technological states and
provides a plan for sequencing between the two states that can be used
for system acquisition and investment decision-making purposes.
(Each of these framework components is described in more detail in app.
II.) The processes and tools associated with these strategic management
disciplines serve to provide a common, authoritative understanding of
both the desired ends, such as systems integration, and the means to
these ends.
DHS has not yet completed a systems integration strategy, but it is in
the process of doing so through its ongoing efforts to finalize a draft
IT strategic plan, institutionalize a recently revised IT investment
management process, and develop a more complete enterprise
architecture. Each is discussed below.
* IT strategic plan. DHS is in the process of finalizing a draft plan.
According to a March 2004 draft,[Footnote 17] which department
officials told us was current, the plan is to be the driving force in
establishing DHS's strategic IT management framework. Its stated
purpose is to discuss how the department plans to manage and use IT to
achieve strategic mission goals.
To achieve mission goals, the plan identifies eight priorities for
2004: information sharing, mission rationalization, portfolio
management, security, single infrastructure, enterprise architecture,
governance, and human capital. DHS officials said that, when completed,
the plan is to define the associated steps to achieve each priority.
For example, to achieve the priority of a single infrastructure, which
calls for the establishment of a single wide area network and
associated infrastructure connecting the department's components, the
plan identifies eight initiatives--such as establishing enterprise
information assurance, implementing a standard desktop computing
environment, and consolidating data centers. The plan also provides for
establishing key IT management processes and products--namely,
investment management and enterprise architecture, respectively--that
the department views as essential to implementing the plan. According
to the CIO, the department has recently identified a senior DHS
business sponsor and a member of the CIO's office to develop detailed
plans for each priority, and these plans are to be completed by mid-
2004.
* Investment management process. DHS has developed and has begun
implementing a departmental IT investment management process.
Specifically, in May 2003, DHS issued an investment review management
directive and an IT capital planning and investment control guide,
which specify investment documentation and review requirements. The
stated purpose of the management directive includes ensuring that
spending on IT investments directly supports DHS's mission goals and
objectives, and that duplicative spending on system investments is
identified for cost-saving consolidation. Among other things, this
directive requires that system investments support the department's
mission goals and objectives, including those identified in the IT
strategic plan, enterprise architecture, other department policies and
strategies (e.g., business strategic plan), and federal strategies and
guidance (e.g., the National Strategy for Homeland Security[Footnote
18]). The directive also requires that as part of the investment
approval process, component organizations demonstrate to executive
management that proposed project requirements are consistent with DHS's
strategic plans and enterprise architecture.
We reported in February 2004[Footnote 19] that this process was being
refined and institutionalized. For example, while DHS had established a
departmentwide IT Investment Review Board for managing and overseeing
expensive and mission-critical system investments, the board had only
reviewed 9 investments, while about 100 investments were eligible for
review. Accordingly, we recommended that DHS develop a schedule for
reviewing the investments under its control and oversight. According to
the CIO, DHS has since refined its investment review and control
process by, for example, creating a hierarchy of investment review
boards, adjusting the criteria governing the level of board review
needed for projects, and developing templates and other tools to aid in
the review process. The CIO stated that the potential effect of these
changes will be to expedite the backlog of project reviews. DHS is now
focusing on institutionalizing this process, including developing
review schedules for the respective boards.
* Enterprise architecture: DHS is in the process of developing the next
version of its enterprise architecture. In August 2003, DHS issued the
first version of its architecture, which DHS officials described as
conceptual and high-level. Nevertheless, DHS officials said the
department has been able to use the architecture on a limited basis to,
for example, consolidate investments into related areas in developing
the department's fiscal year 2005 budget request, including identifying
opportunities to merge proposals. DHS plans to continue evolving the
architecture and issue another version in September 2004. We are
currently reviewing the initial version of the architecture at the
request of the Chairman of the House Subcommittee on Technology,
Information Policy, Intergovernmental Relations and the Census,
Committee on Government Reform.
According to the CIO, although DHS started working on its strategic IT
management framework soon after the department began operation,
progress to date on completing the framework--which would provide,
among other things, a departmentwide systems integration strategy--has
been impeded by (1) insufficient staffing; (2) higher priority demands,
such as establishing a departmentwide e-mail system and linking and
consolidating existing DHS component networks; and (3) near-term, high-
payoff opportunities, such as consolidating wireless communication and
computer operations capabilities, and linking DHS networks with partner
agencies outside the department.
Of these three issues, the CIO stated that insufficient staffing is
currently the biggest obstacle. More specifically, the CIO said that
his office received substantially less staff than he requested when the
department was originally established in 2003. To illustrate his
statement, the CIO said that after studying other comparably sized
federal department CIO organizations, he requested approximately 163
positions. However, he said that his office received about 65
positions. The CIO also said that his office does not have authority
over the hundreds of staff in the component CIO offices and billions of
dollars that the 22 agencies and agency components control, and he
acknowledged that DHS components often each have substantially more IT
staff resources than his office. In contrast, according to our research
on leading private and public sector organizations and experience at
federal agencies, leading organizations adopt and use an enterprisewide
approach under the leadership of a CIO or comparable senior executive
who has the responsibility and authority, including budgetary and
spending control, for IT across the entity.[Footnote 20]
Additionally, the CIO told us that completing the department's
strategic IT management framework and implementing the kind of IT
budgetary control and authority model needed for its effective
implementation and enforcement is important and is an area of focus in
2004. The CIO added that completing this effort is important because
the department continues to make substantial IT investments without the
strategic management framework and the IT spending authority and
control model needed to effectively integrate new and existing systems
across the department. Our research on leading organizations and our
experience at federal agencies show that proceeding in this manner
increases the risk that investments may later require expensive rework
to be effectively integrated and brought into alignment with the
framework.[Footnote 21]
DHS's Interim Steps to Reduce Risk of Rework for Ongoing IT Investments
Are Not Sufficient:
OMB has issued guidance to federal agencies directing them to develop
and implement management structures and processes to ensure proper
alignment between IT system investments and mission goals, strategic
visions, plans, and future architectural states.[Footnote 22]
Additionally, our prior reviews at federal agencies and research on
enterprise IT management have shown that attempts to align new and
existing systems without an effective strategic management framework
increase the risk of investing in system solutions that are
duplicative, are not well integrated, are unnecessarily costly to
maintain and interface, and do not effectively optimize mission
performance.[Footnote 23] Accordingly, until agencies develop
strategic management frameworks, we have recommended[Footnote 24]
limiting IT spending to cost-effective efforts that are congressionally
directed; are near-term, relatively small, and low-risk opportunities
to leverage technology in satisfying a compelling agency need; support
operations and maintenance of existing mission-critical systems;
involve deploying an already developed and fully tested system; or
support the establishment of an agency's strategic IT management
framework.
Although DHS has defined and is institutionalizing structures and
processes for IT investment management that are intended to align
investments with the department's strategic direction, these investment
management structures and processes are not yet fully implemented.
Moreover, two key ingredients to effective investment management--a
departmentwide IT strategic plan and the next version of the enterprise
architecture--are not yet in place. In the interim, DHS has relied on
its evolving investment management structures and processes. In
addition, DHS officials told us that component agencies and
organizations have followed the respective investment management
approaches, strategic plans, and architectures that existed within
their pre-DHS organizations, augmented by informal contacts with
department-level strategic planners and architects, and consideration
of the President's National Strategy for:
Homeland Security[Footnote 25] and statutory provisions related to
homeland security, such as the Maritime Transportation Security Act.
The use of these respective approaches is evident in the following
three IT system investments from FEMA, TSA, and Coast Guard. According
to the three components, these are illustrative of how each is ensuring
that its IT investments are aligned with the department's strategic
direction:
* Grant Business Management System. FEMA began acquiring this system in
2003 to automate its end-to-end grant management processes. According
to FEMA, the system is to be fully operational by fiscal year 2009, and
about $8.2 million is to be spent on it in fiscal year 2004. Currently,
FEMA reports that the system's requirements have been defined and
system design activities are under way. To justify its 2004 investment
in the system, agency officials told us that they followed internal
FEMA investment management processes, including explicitly mapping the
system's functions to the goals and objectives in the National Strategy
for Homeland Security, the President's Management Agenda,[Footnote 26]
and the FEMA Strategic Plan. These officials also told us that they
have since begun to justify the system's fiscal year 2005 request
following DHS's capital planning and investment control guidance,
augmented by meetings with DHS's enterprise architecture team to
discuss the system's alignment with the department's strategic
direction. According to the officials, these meetings were not
documented, but they said a discussion topic was the system's mission-
needs statement, and whether it could be linked to the DHS enterprise
architecture.
* Integrated Intermodal Information System. TSA began developing this
system in 2003 to integrate selected multimodal passenger and cargo
data for the purpose of identifying suspicious or anomalous situations.
During fiscal year 2004, TSA plans to spend about $1 million for the
concept development phase of the system. In proposing the system,
agency officials stated that they followed TSA internal investment
management processes, including linking the system's mission needs
statement and its requirements with the goals and objectives specified
in the National Strategy on Homeland Security and the President's
Management Agenda. However, system initiation documents show only that
TSA linked the system to TSA's draft strategic plan. The officials said
that as the system acquisition progresses, they plan to follow the DHS
investment management process, including the appropriate steps to
ensure that the system is aligned with DHS's strategic plans and
enterprise architecture.
* Aviation Logistics Management Information System. The Coast Guard
began acquiring this system in 2001 to support aircraft operations,
logistics, and maintenance. In 2002, and after about $12.3 million was
invested, the system began operating; the Coast Guard reports that it
spends about $5 million each year to operate and maintain it. Coast
Guard officials told us that they followed internal Coast Guard capital
planning and investment control guidance, along with OMB guidance, in
justifying this and other IT investments as part of the annual budget
cycle. Project documentation shows that system performance goals and
measures have been mapped to the Coast Guard's annual performance plan
and strategic plan. The Coast Guard Chief Knowledge Officer said that
since the Coast Guard became a separate component agency within DHS, it
has continued to monitor the system's strategic alignment using this
same capital planning and investment control guidance.
In summary, these examples show that to align their ongoing system
investments with DHS's evolving systems integration strategy, the
component organizations have thus far relied primarily on the
respective investment management approaches, strategic plans, and
architectures that existed within their pre-DHS organizations,
augmented by informal contacts with department-level strategic planners
and architects, and consideration of the President's National Strategy
on Homeland Security. However, this approach continues reliance on the
components' individual IT strategies, investment processes, and
architectures that produced the diverse set of systems that the
department inherited when it was established. In addition, using
informal communication relies too heavily on oral discussions of
complex strategic contexts and frames of reference that are still being
explicitly defined, thus increasing the chances of both
misunderstanding and misinformed decisions.
According to the DHS CIO and officials within the three component
organizations, this approach was adopted to permit the department to
pursue mission need-based system capabilities while the department's
strategic IT management framework was being developed. DHS officials
said that as the framework is institutionalized, component agencies are
beginning to use DHS processes. Nevertheless, the longer the department
continues to invest in major IT systems without the completed framework
and sufficient department-level CIO authority over component IT
organizations' resources and spending, the greater the risk is that new
and existing system investments will later require rework to be
properly aligned with the framework.
Conclusions:
Having a well-defined and executed departmentwide strategic IT
management framework is critical to DHS's ability to effectively and
efficiently integrate its components' new and existing systems. DHS's
CIO recognizes this and has stated his commitment to ensuring that the
framework is put in place. However, DHS-wide allocation of resources
across the department has yet to reflect this criticality; huge sums
are going to component IT management organizations and investments,
while relatively fewer resources are being invested in the department's
strategic IT framework. Moreover, DHS has yet to assign the
department's CIO explicit authority over all of its IT spending. It is
important that DHS strike the proper balance between component
organizations' pursuit of new and enhanced systems and establishing the
means for achieving its departmentwide systems environment--a
homogeneous family of systems that optimally support departmentwide
operations and mission performance. Steps taken thus far have yet to
strike this balance, which increases the risk that today's IT system
investments will have to be redone tomorrow to produce the target
systems environment.
Recommendations for Executive Action:
Until DHS's strategic IT management framework is completed and
available to effectively guide and constrain the billions of dollars
that it is spending on IT investments, we recommend that the Secretary
of Homeland Security direct the heads of the department's directorates
and agencies to limit spending on their respective IT investments to
cost-effective efforts that:
* are congressionally directed;
* take advantage of near-term, relatively small, low-risk opportunities
to leverage technology in satisfying a compelling homeland security
need;
* support operations and maintenance of existing systems critical to
DHS's mission;
* involve deploying an already developed and fully tested system; or:
* support establishment of a DHS strategic IT management framework,
including IT strategic planning, enterprise architecture, and
investment management.
We also recommend that in determining the cost-effectiveness of these
IT investments, the Secretary direct the heads of DHS's directorates
and agencies to ensure that full consideration be given to the
estimated cost of any future system rework that would be needed to
later align the system with the department's emerging systems
integration strategy.
Further, we recommend that the Secretary examine the sufficiency of IT
spending authority vested in the CIO and take appropriate steps to
correct any limitations in authority that constrain the CIO's ability
to effectively integrate IT investments in support of departmentwide
mission goals.
Agency Comments and Our Evaluation:
In written comments on a draft of this report, which are reprinted in
appendix III, the DHS Assistant Secretary for Legislative Affairs did
not agree or disagree with our findings, conclusions, or
recommendations. Rather, the Assistant Secretary described DHS's IT
challenges and priorities, and provided documentation on them,
including efforts to achieve its priorities. Specifically, the
Assistant Secretary stated that three major IT challenges face DHS:
ensuring that homeland security employees have system-enabled solutions
and tools to safeguard our country, integrating existing IT systems
within the context of the department's enterprise architecture, and
identifying and eliminating IT system overlap and redundancy while not
hampering ongoing mission activities. In addition, the Assistant
Secretary (1) identified eight departmentwide priorities (e.g., IT
portfolio management, enterprise architecture, and information
sharing) that the DHS and component CIOs have set and (2) described
efforts under way to develop business cases and other plans needed to
address the eight. The information conveyed in DHS's comments is
consistent with information obtained during the course of our review
that showed progress and plans for institutionalizing the department's
strategic IT management framework.
As agreed with your staff, unless you publicly announce the contents of
this report earlier, we plan no distribution of it until 30 days from
the date of this report. At that time we will send copies of this
report to the Secretary of Homeland Security, and the Director, OMB. We
will also make copies available to others upon request. In addition,
the report will be available at no charge on the GAO Web site at
[Hyperlink, http: //www.gao.gov]. If you have any questions on matters
discussed in this report, please contact me at (202) 512-3439 or at
[Hyperlink, hiter@gao.gov]. Key contributors to this report are listed
in appendix IV.
Sincerely yours,
Signed by:
Randolph C. Hite,
Director, Information Technology Architecture and Systems Issues:
[End of section]
Appendixes:
[End of section]
Appendix I: Scope and Methodology:
To evaluate whether the Department of Homeland Security (DHS) has
defined a systems integration strategy, we requested and reviewed
relevant plans and documents from the department, including policies,
procedures, guidance, and other business and information technology
(IT) strategic documents. Because these documents were being developed,
we did not evaluate their quality or completeness. We also interviewed
DHS officials, including the Chief Information Officer (CIO) and other
department and selected component agency officials responsible for
strategic planning to, among other things, identify the status of their
efforts to develop an IT strategic plan, to refine its capital planning
and investment control process, and to develop an enterprise
architecture.
To determine how DHS is ensuring that component agency IT investments
are aligned with the department's strategic direction, we reviewed
department investment management policies and procedures and other
associated documents. We also interviewed DHS's CIO and other
department officials responsible for IT planning and investment
management, including strategic investment alignment. As requested, we
focused on three DHS components agencies: the Federal Emergency
Management Agency (FEMA), the Transportation Security Administration
(TSA), and the U.S. Coast Guard. We requested that each of these
components provide a representative example of an IT system investment
that best demonstrated the interim steps that it was taking to align
system investments with DHS's evolving strategic IT management
framework. The examples provided were FEMA's Grant Business Management
System, TSA's Integrated Intermodal Information System, and the Coast
Guard's Aviation Logistics Management Information System. We reviewed
available documentation for the examples to determine how each
component is ensuring that investments are aligned with DHS's strategic
direction. We also interviewed FEMA, TSA, and Coast Guard officials as
necessary to understand the steps they had taken to strategically align
these investments.
We performed our work at DHS and component agency facilities in the
Washington, D.C., area from September 2003 through March 2004, in
accordance with generally accepted government auditing standards.
[End of section]
Appendix II: Strategic Information Technology Management Framework
Components:
The tenets of a strategic information technology (IT) management
framework are described in our prior research on best practices in
private-sector firms and government organizations[Footnote 27] and are
called for in federal management laws and guidance, such as the
Clinger-Cohen Act[Footnote 28] and Office of Management and Budget
(OMB) Circular No. A-130.[Footnote 29] Three key components of such a
framework are an IT strategic plan, an IT investment management
process, and an enterprise architecture.
An IT strategic plan serves as a vision or road map for implementing
effective management controls and marshalling resources in a manner
that will facilitate leveraging of IT to support mission goals and
outcomes. The strategic plan should be tied to and support the agency
strategic plan and provide for establishing and implementing IT
management processes. Among other things, the plan should describe the
management processes required for the IT function to execute its roles
and responsibilities, thereby facilitating achievement of agency
missions.
An IT investment management process provides a systematic method for
agencies to minimize risks while maximizing return on investment. A
central element of the federal approach to investment management has
been the select/control/evaluate model. This model was initially
identified in our Strategic Information Management Executive
Guide,[Footnote 30] expanded in OMB's investment guidance,[Footnote 31]
and then refined in our subsequent guidance.[Footnote 32] During the
select phase, the organization (1) identifies and analyzes each
project's risks and returns before committing significant funds to any
project and (2) selects those projects that will best support its
mission needs. During the control phase, the organization ensures that,
as projects develop and investment expenditures continue, the project
continues to meet mission needs at the expected levels of cost and
risk. If the project is not meeting expectations or if problems have
arisen, steps are quickly taken to address the deficiencies. If mission
needs have changed, the organization is able to adjust its objectives
for the project and appropriately modify expected project outcomes.
During the evaluate phase, actual versus expected results are compared
after a project has been fully implemented. This is done to (1) assess
the project's impact on mission performance, (2) identify any changes
or modifications to the project that may be needed, and (3) revise the
investment management process based on lessons learned.
As discussed in our framework for assessing and improving enterprise
architecture management,[Footnote 33] an enterprise architecture
provides a clear and comprehensive picture of the structure of an
entity, whether an organization or a functional or mission area. It is
an essential tool for effectively and efficiently engineering business
processes and for implementing and evolving supporting systems. More
specifically, enterprise architectures are systematically derived and
captured blueprints or descriptions--in useful models, diagrams, and
narrative--of the mode of operation for a given enterprise. This mode
of operation is described in both (1) logical terms, such as
interrelated business processes and business rules, information needs
and flows, data models, work locations, and users, and (2) technical
terms, such as hardware, software, data, communications, security
attributes, and performance standards. They provide these perspectives
both for the enterprise's current, or "as is," environment and for its
target, or "to be," environment, as well as a transition plan for
moving from the "as is" to the "to be" environment.
[End of section]
Appendix III: Comments from the Department of Homeland Security:
U.S. Department of Homeland Security
Washington, DC 20528:
MAY 11 2004:
Homeland Security:
Mr. Randolph Hite:
Director, Architecture and Systems Issues:
General Accounting Office:
Washington, DC 20548:
Dear Mr. Hite:
Thank you for the opportunity to review the draft report entitled
Homeland Security Should Better Balance Need for System Integration
Strategy with Spending for New and Enhanced Systems (GAO-04-509). This
letter is prepared pursuant to 31 U.S.C. 720.
GAO Recommendations:
Until DHS's strategic IT management framework is completed and
available to effectively guide and constrain the billions of dollars
that it is spending on IT investments, we recommend that the Secretary
of Homeland Security direct the heads of the department's directorates
and agencies to limit spending on their respective IT investments to
cost-effective efforts that:
* are congressionally directed;
* take advantage of near-term, relatively small, low-risk opportunities
to leverage technology in satisfying a compelling homeland security
need;
* support operations and maintenance of existing systems critical to
DHS's mission; involve deploying an already developed and fully tested
system, or:
* support establishment of a DHS strategic IT management framework,
including IT strategic planning, enterprise architecture, and
investment management.
We also recommend that in determining the cost-effectiveness of these
IT investments, the Secretary direct the heads of DHS's directorates
and agencies to ensure that full consideration be given to the
estimated cost of any future system rework that would be needed to
later align the system with the department's emerging systems
integration strategy.
Further, we recommend that the Secretary examine the sufficiency of IT
spending authority vested in the CIO and take appropriate steps to
correct any limitations in authority that constrain the CIO's ability
to effectively integrate IT investments in support of department-wide
mission goals.
Response:
The challenge facing those who comprise the IT function of DHS is
complex. There are three major areas of focus:
* The first is to ensure that the women and men on the front lines of
the Department have all the IT enabled solutions and tools they need to
safeguard the United States and to deliver our safety and service
related operational functions and capabilities. The war on terrorism is
real, and the Department must deliver new mission solutions with
quality and speed in a cost-effective manner, while maintaining already
existing mission solutions that it inherited when the department was
formed.
* The second area addresses the integration of existing IT enabled
solutions. Guided by the Homeland Security Enterprise Architecture, the
Department is identifying opportunities to consolidate and streamline
mission solutions. In mission areas such as threat identification and
management, identity credentialing, and collaboration, the Department
has identified multiple solutions in use within the various
organizational elements of the Department. Our role is to help
facilitate and support the operators and subject matter experts in our
business units in determining the optimal number and nature of mission
solutions needed.
* The third area is to realize efficiencies and economies of scale that
the President and Congress have set forth in creating DHS. Here the
Department must rapidly identify and eliminate existing overlap or
redundancy within the IT infrastructure of the Department. However, DHS
must ensure that it "does no harm" to mission solutions while it
restructures and consolidates its infrastructure.
IT Priorities:
In order to guide the IT function in achieving success in these three
overarching focus areas, the Department, in concert with its DHS CIO
Council, set 8 priorities for the IT function:
* Information Sharing:
* Mission Rationalization:
* IT Portfolio Management:
* Information Security:
* Infrastructure Transformation * Enterprise Architecture:
* IT Governance:
* IT Human Capital:
These priorities are aligned with the Strategic Priorities of the
Department set forth by Secretary Ridge and Deputy Secretary Loy. For
each priority, DHS is in the process of developing the case for change,
the business case, a roadmap that outlines the activities, tasks, and
deliverables needed to achieve the desired objectives, and metrics by
which it will measure success. I have enclosed the initial products of
that work, the roadmaps and case for change documents, for our
initiatives: Information Sharing, Mission Rationalization, IT
Portfolio Management, Information Security, Infrastructure
Transformation, and Enterprise Architecture. These documents represent
our first drafts and will be updated and revised over time.
I appreciate your interest in the Department of Homeland Security, and
I look forward to working with you on future homeland security issues.
If I may be of further assistance, please contact the Office of
Legislative Affairs at (202) 205-4412.
Sincerely,
Pamela J. Turner
Assistant Secretary for Legislative Affairs:
Enclosures:
1. Information Sharing Roadmap:
2. Mission Rationalization Roadmap:
3. DHS IT Portfolio Management Roadmap
4. Information Security Roadmap:
5. Infrastructure Transformation Office Roadmap
6. EA Roadmap:
[End of section]
Appendix IV: GAO Contact and Staff Acknowledgments:
GAO Contact:
Gary Mountjoy, (202) 512-6367:
Acknowledgments:
Barbara Collier, Vijay D'Souza, and Carl Urie made key contributions to
this report.
(310263):
FOOTNOTES
[1] For example, see U.S. General Accounting Office, Major Management
Challenges and Program Risk: Department of Homeland Security, GAO-03-
102 (Washington, D.C.: January 2003) and Homeland Security: Proposal
for Cabinet Agency Has Merit, but Implementation Will be Pivotal to
Success, GAO-02-886T (Washington, D.C.: June 25, 2002).
[2] An enterprise architecture is the explicit description and
documentation of the current and desired relationships among business
and management processes and information technology. It describes the
"current architecture" and "target architecture."
[3] U.S. Department of Homeland Security, Budget in Brief: Fiscal Year
2005.
[4] See GAO-03-102 and GAO-02-886T.
[5] Of these positions, 14 are currently vacant, and 9 are in the
process of being filled.
[6] Of this amount, $185 million is for new systems, and $60 million is
for operation and maintenance of existing systems.
[7] Office of Management and Budget, Budget of the U.S. Government,
Fiscal Year 2005, Report on IT Spending for the Federal Government for
Fiscal Years 2003, 2004, and 2005. According to this document, the
Departments of Defense and Health and Human Services have the first and
second largest IT budgets, respectively.
[8] U.S. General Accounting Office, Aviation Security: Computer-
Assisted Passenger Prescreening System Faces Significant
Implementation Challenges, GAO-04-385 (Washington, D.C.: February
2004).
[9] U.S. General Accounting Office, Automated Commercial Environment
Progressing, but Further Acquisition Management Improvements Needed,
GAO-03-406 (Washington, D.C.: February 2003).
[10] U.S. General Accounting Office, Risks Facing Key Border and
Transportation Security Program Need to Be Addressed, GAO-03-1083
(Washington, D.C.: September 2003).
[11] For more information, see U.S. General Accounting Office,
Information Technology: OMB and Department of Homeland Security
Investment Reviews, GAO-04-323 (Washington, D.C.: February 2004).
[12] For example, see U.S. General Accounting Office, Information
Technology: A Framework for Assessing and Improving Enterprise
Architecture Management (Version 1.1), GAO-03-584G (Washington, D.C.:
Apr. 1, 2003); Information Technology Investment Management: A
Framework for Assessing and Improving Process Maturity (Version 1.1),
GAO-04-394G (Washington, D.C.: March 2004); and Executive Guide:
Improving Mission Performance through Strategic Information Management
and Technology, GAO/AIMD-94-115 (Washington, D.C.: May 1994).
[13] For example, see U.S. General Accounting Office, Major Management
Challenges and Program Risks: Department of Homeland Security, GAO-03-
102 (Washington, D.C.: January 2003).
[14] We have issued guidance to agencies related to enterprise
architecture, IT investment management, and other management issues.
For example, see GAO-03-584G and GAO-04-394G.
[15] Clinger-Cohen Act, 40 U.S.C. 11101-11703.
[16] Office of Management and Budget, Management of Federal Information
Resources, Circular No. A-130.
[17] Department of Homeland Security, Information Resources Management
Strategic Plan 2003-2008 v. 1.0, draft (Washington, D.C.: March 2004).
[18] Office of Homeland Security, The White House, National Strategy
for Homeland Security (Washington, D.C.: July 2002).
[19] For more information, see U.S. General Accounting Office,
Information Technology: OMB and Department of Homeland Security
Investment Reviews, GAO-04-323 (Washington, D.C.: February 2004).
[20] For example, see U.S. General Accounting Office, Architect of the
Capitol: Management and Accountability Framework Needed for
Organizational Transformation, GAO-03-231 (Washington, D.C.: January
2003) and Maximizing the Success of Chief Information Officers:
Learning from Leading Organizations, GAO-01-376G (Washington, D.C.:
February 2001).
[21] For example, see GAO-03-231 and GAO-01-376G.
[22] OMB Circulars No. A-130 and No. A-11.
[23] GAO/AIMD-10.1.23.
[24] For example, see U.S. General Accounting Office, Tax Systems
Modernization: Blueprint Is a Good Start, but Not Yet Sufficiently
Complete to Build or Acquire Systems, GAO/AIMD/GGD-98-54 (Washington,
D.C.: February 1998).
[25] Office of Homeland Security, The White House, National Strategy
for Homeland Security (Washington, D.C.: July 2002).
[26] The agenda points out important challenges for the federal
government. It is intended to focus agencies' efforts on making
progress in achieving management and performance improvements.
[27] We have issued guidance to agencies related to enterprise
architecture, IT investment management, and other management issues.
For example, see U.S. General Accounting Office, Information
Technology: A Framework for Assessing and Improving Enterprise
Architecture Management (Version 1.1), GAO-03-584G (Washington, D.C.:
April, 2003) and Information Technology Investment Management: A
Framework for Assessing and Improving Process Maturity (Version 1.1),
GAO-04-394G (Washington, D.C.: March 2004).
[28] Clinger-Cohen Act, 40 U.S.C. 11101-11703.
[29] Office of Management and Budget, Management of Federal Information
Resources, Circular No. A-130.
[30] U.S. General Accounting Office, Executive Guide: Improving Mission
Performance through Strategic Information Management and Technology,
GAO/AIMD-94-115 (Washington, D.C.: May 1994).
[31] Executive Office of the President, Office of Management and
Budget, Evaluating Information Technology Investments, A Practical
Guide (Washington, D.C.: November 1995).
[32] GAO-04-394G.
[33] GAO-03-584G.
GAO's Mission:
The General Accounting Office, the investigative arm of Congress,
exists to support Congress in meeting its constitutional
responsibilities and to help improve the performance and accountability
of the federal government for the American people. GAO examines the use
of public funds; evaluates federal programs and policies; and provides
analyses, recommendations, and other assistance to help Congress make
informed oversight, policy, and funding decisions. GAO's commitment to
good government is reflected in its core values of accountability,
integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony:
The fastest and easiest way to obtain copies of GAO documents at no
cost is through the Internet. GAO's Web site ( www.gao.gov ) contains
abstracts and full-text files of current reports and testimony and an
expanding archive of older products. The Web site features a search
engine to help you locate documents using key words and phrases. You
can print these documents in their entirety, including charts and other
graphics.
Each day, GAO issues a list of newly released reports, testimony, and
correspondence. GAO posts this list, known as "Today's Reports," on its
Web site daily. The list contains links to the full-text document
files. To have GAO e-mail this list to you every afternoon, go to
www.gao.gov and select "Subscribe to e-mail alerts" under the "Order
GAO Products" heading.
Order by Mail or Phone:
The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or
more copies mailed to a single address are discounted 25 percent.
Orders should be sent to:
U.S. General Accounting Office
441 G Street NW,
Room LM Washington,
D.C. 20548:
To order by Phone:
Voice: (202) 512-6000:
TDD: (202) 512-2537:
Fax: (202) 512-6061:
To Report Fraud, Waste, and Abuse in Federal Programs:
Contact:
Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov
Automated answering system: (800) 424-5454 or (202) 512-7470:
Public Affairs:
Jeff Nelligan, managing director, NelliganJ@gao.gov (202) 512-4800 U.S.
General Accounting Office, 441 G Street NW, Room 7149 Washington, D.C.
20548:
