Secure Border Initiative
SBInet Expenditure Plan Needs to Better Support Oversight and Accountability Gao ID: GAO-07-309 February 15, 2007In November 2005, the Department of Homeland Security (DHS) established the Secure Border Initiative (SBI) program to secure U.S. borders and reduce illegal immigration. One element of SBI is SBInet, the program responsible for developing a comprehensive border protection system. By legislative mandate, DHS developed a fiscal year 2007 expenditure plan for SBInet to address nine legislative conditions, including a review by GAO. DHS submitted the plan to the Appropriations Committees on December 4, 2006. To address the mandate, GAO assessed the plan against federal guidelines and industry standards and interviewed appropriate DHS officials.
The SBInet expenditure plan, including related documentation and program officials' statements, satisfied four legislative conditions, partially satisfied four legislative conditions, and did not satisfy one legislative condition. Satisfying the legislative conditions is important because the expenditure plan is intended to provide Congress with the information needed to effectively oversee the program and hold DHS accountable for program results. Satisfying the legislative conditions is also important to minimize the program's exposure to cost, schedule, and performance risks. SBInet's December 2006 expenditure plan offered a high-level and partial outline of a large and complex program that forms an integral component of a broader multiyear initiative. However, the plan and related documentation did not include explicit and measurable commitments relative to capabilities, schedule, costs, and benefits associated with individual SBInet program activities. In addition, the SBInet systems integration contract did not contain a specific number of units that may be ordered or a maximum dollar value as required by Federal Acquisition Regulation. Further, DHS's approach to SBInet introduces additional risk because the program's schedule entails a high level of concurrency among related planned tasks and activities.
RecommendationsOur recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.
Director: Team: Phone:GAO-07-309, Secure Border Initiative: SBInet Expenditure Plan Needs to Better Support Oversight and Accountability
This is the accessible text file for GAO report number GAO-07-309
entitled 'Secure Border Initiative: SBInet Expenditure Plan Needs to
Better Support oversight and Accountability' which was released on
February 15, 2007.
This text file was formatted by the U.S. Government Accountability
Office (GAO) to be accessible to users with visual impairments, as part
of a longer term project to improve GAO products' accessibility. Every
attempt has been made to maintain the structural and data integrity of
the original printed product. Accessibility features, such as text
descriptions of tables, consecutively numbered footnotes placed at the
end of the file, and the text of agency comment letters, are provided
but may not exactly duplicate the presentation or format of the printed
version. The portable document format (PDF) file is an exact electronic
replica of the printed version. We welcome your feedback. Please E-mail
your comments regarding the contents or accessibility features of this
document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
Report to Congressional Committees:
United States Government Accountability Office:
GAO:
February 2007:
Secure Border Initiative:
SBInet Expenditure Plan Needs to Better Support Oversight and
Accountability:
GAO-07-309:
GAO Highlights:
Highlights of GAO-07-309, a report to congressional committees
Why GAO Did This Study:
In November 2005, the Department of Homeland Security (DHS) established
the Secure Border Initiative (SBI) program to secure U.S. borders and
reduce illegal immigration. One element of SBI is SBInet, the program
responsible for developing a comprehensive border protection system. By
legislative mandate, DHS developed a fiscal year 2007 expenditure plan
for SBInet to address nine legislative conditions, including a review
by GAO. DHS submitted the plan to the Appropriations Committees on
December 4, 2006. To address the mandate, GAO assessed the plan against
federal guidelines and industry standards and interviewed appropriate
DHS officials.
What GAO Found:
The SBInet expenditure plan, including related documentation and
program officials‘ statements, satisfied four legislative conditions,
partially satisfied four legislative conditions, and did not satisfy
one legislative condition. The nine legislative conditions and the
level of satisfaction are summarized in the table.
Table: Satisfaction of legislative conditions:
Legislative condition: 1. Defines activities, milestones, and costs for
implementing the program;
Status: Partially satisfied.
Legislative condition: 2. Demonstrates how activities will further the
goals and objectives of the Secure Border Initiative, as defined in the
SBI multi-year strategic plan;
Status: not satisfied.
Legislative condition: 3. Identifies funding and the organization
staffing (including full-time equivalents, contractors, and detailees)
requirements by activity;
Status: Satisfied.
Legislative condition: 4. Reports on costs incurred, the activities
completed, and the progress made by the program in terms of obtaining
operational control of the entire border of the United States;
Status: Partially satisfied.
Legislative condition: 5. Includes a certification by DHS‘s Chief
Procurement Officer that procedures to prevent conflicts of interest
between the prime integrator and major subcontractors are established
and a certification by DHS‘s Chief Information Officer that an
independent verification and validation agent is currently under
contract for the project;
Status: Satisfied.
Legislative condition: 6. Complies with all applicable acquisition
rules, requirements, guidelines, and best systems acquisition
management practices of the federal government;
Status: Partially satisfied.
Legislative condition: 7. Complies with the capital planning and
investment control review requirements established by the Office of
Management and Budget (OMB), including Circular A–11, part 7;
Status: Partially satisfied.
Legislative condition: 8. Is reviewed and approved by DHS‘s Investment
Review Board, the Secretary of Homeland Security, and OMB;
Status: Satisfied.
Legislative condition: 9. Is reviewed by GAO;
Status: Satisfied.
Source: GAO analysis of DHS data.
[End of Table]
Satisfying the legislative conditions is important because the
expenditure plan is intended to provide Congress with the information
needed to effectively oversee the program and hold DHS accountable for
program results. Satisfying the legislative conditions is also
important to minimize the program‘s exposure to cost, schedule, and
performance risks. SBInet‘s December 2006 expenditure plan offered a
high-level and partial outline of a large and complex program that
forms an integral component of a broader multiyear initiative. However,
the plan and related documentation did not include explicit and
measurable commitments relative to capabilities, schedule, costs, and
benefits associated with individual SBInet program activities. In
addition, the SBInet systems integration contract did not contain a
specific number of units that may be ordered or a maximum dollar value
as required by Federal Acquisition Regulation. Further, DHS‘s approach
to SBInet introduces additional risk because the program‘s schedule
entails a high level of concurrency among related planned tasks and
activities.
What GAO Recommends:
GAO recommends that DHS (1) ensure that future expenditure plans
include explicit and measurable commitments relative to the
capabilities, schedule, costs, and benefits associated with individual
SBInet program activities; (2) modify the SBInet contract to include a
maximum quantity or dollar value; and (3) re-examine the level of
concurrency and appropriately adjust the acquisition strategy. DHS
concurred with the first and third recommendations, but not the second.
DHS stated that the contract already contains a maximum quantity. GAO
disagrees and believes DHS needs to modify the contract to ensure
compliance with regulations.
[Hyperlink, http://www.gao.gov/cgi-bin/getrpt?GAO-07-309].
To view the full product, including the scope and methodology, click on
the link above. For more information, contact Richard M. Stana at (202)
512-8816 or stanar@gao.gov.
[End of section]
Contents:
Letter:
Compliance with Legislative Conditions:
Conclusions:
Recommendations for Executive Action:
Agency Comments:
Appendix I: Briefing to the Subcommittees on Homeland Security, Senate
and House Committees on Appropriations:
Appendix II: Comments from the Department of Homeland Security:
Appendix III: GAO Contact and Staff Acknowledgments:
Abbreviations:
CBP: Customs and Border Protection:
CIO: Chief Information Officer:
CPO: Chief Procurement Officer:
DHS: Department of Homeland Security:
EVM: earned value management:
FAR: Federal Acquisition Regulation:
IRB: Investment Review Board:
IV&V: independent verification and validation:
OMB: Office of Management and Budget:
PMO: Program Management Office:
SBI: Secure Border Initiative:
[End of section]
United States Government Accountability Office:
Washington, DC 20548:
February 15, 2007:
The Honorable Robert C. Byrd:
Chairman:
The Honorable Thad Cochran:
Ranking Minority Member:
Subcommittee on Homeland Security:
Committee on Appropriations:
United States Senate:
The Honorable David E. Price:
Chairman:
The Honorable Harold Rogers:
Ranking Minority Member:
Subcommittee on Homeland Security:
Committee on Appropriations:
House of Representatives:
The Secure Border Initiative (SBI) is a comprehensive, multiyear
program established in November 2005 by the Secretary of Homeland
Security to secure U.S. borders and reduce illegal immigration. SBI's
mission is to promote border security strategies that help protect
against and prevent terrorist attacks and other transnational crimes.
Elements of SBI will be carried out by several organizations within the
Department of Homeland Security (DHS). One element of SBI is SBInet,
the program within U.S. Customs and Border Protection (CBP) responsible
for developing a comprehensive border protection system. SBInet is
responsible for leading the effort to ensure that the proper mix of
personnel, tactical infrastructure, rapid response capability, and
technology is deployed along the border. In September 2006, after a
full and open competition source selection, CBP awarded an indefinite
delivery/indefinite quantity systems integration contract for 3 years,
with three 1-year options. The minimum dollar amount is $2 million; the
maximum is stated as "the full panoply of supplies and services to
provide 6,000 miles of secure U.S. border." According to DHS, the
SBInet solution is to include a variety of sensors, communications
systems, information technology, tactical infrastructure (roads,
barriers, and fencing), and command and control capabilities to enhance
situational awareness of the responding officers. The solution is also
to include the development of a common operating picture that provides
uniform data, through a command center environment, to all DHS agencies
and is interoperable with stakeholders external to DHS.
The Department of Homeland Security Appropriations Act, 2007, required
DHS to submit to Congress an expenditure plan to establish a security
barrier along the border of the United States of fencing and vehicle
barriers and other forms of tactical infrastructure and
technology.[Footnote 1] This plan was to address nine legislative
conditions and was submitted on December 4, 2006. As required by the
act, we reviewed the plan, and on December 7 and December 13, 2006,
briefed the House and Senate Appropriations Subcommittee staff,
respectively, on the results. This report transmits these results. The
full briefing, including our scope and methodology, is reprinted in
appendix I.
Compliance with Legislative Conditions:
The expenditure plan, including related documentation and program
officials' statements, satisfied four legislative conditions, partially
satisfied four legislative conditions, and did not satisfy one
legislative condition. The nine legislative conditions and the level of
satisfaction are summarized below.
* Legislative condition 1: Define activities, milestones, and costs for
implementing the program (partially satisfied).
The SBInet expenditure plan included general cost information for
proposed activities and some associated milestone information, such as
beginning and ending dates. DHS estimates that the total cost for
completing the acquisition phase for the southwest border is $7.6
billion for fiscal years 2007 through 2011. However, the plan and
related documentation did not include sufficient details about the
activities, milestones, or costs for implementing the program. Although
the plan stated that about $790 million will be spent in the Tucson
sector in Arizona for such elements as fencing, ground sensors, radars,
cameras, and fixed and mobile towers, the plan did not specify how the
funds will be allocated by element and did not provide specific dates
for implementation. In addition, the plan did not include activities,
milestones, or costs for the northern border. According to DHS, work on
the northern border is not to begin before fiscal year 2009.
* Legislative condition 2: Demonstrate how activities will further the
goals and objectives of the SBI, as defined in the SBI multiyear
strategic plan (not satisfied).
The SBInet expenditure plan included a section that describes SBI and
SBInet goals; however, the expenditure plan and related documentation
did not link individual activities with SBI's goals, as called for by
the legislative condition. Further, the December 2006 SBI strategic
plan contained three strategic goals, one of which addresses border
control. SBI and SBInet senior officials told us all SBInet activities
link back to the overall goal of controlling the border and that the
linkage between program goals and activities is intuitive. However, the
SBInet expenditure plan did not link specific activities to more
detailed SBI strategic plan goals, such as the annual performance
goals.
* Legislative condition 3: Identify funding and organization staffing
(including full-time equivalents, contractors, and detailees)
requirements by activity (satisfied).
The SBInet program is managed by the SBInet Program Management Office
(PMO). The PMO plans to execute SBInet activities through a series of
concurrent task orders and to rely on a mix of government and
contractor staff. The PMO plans to nearly triple its current workforce,
from approximately 100 to 270 personnel,[Footnote 2] by September 2007
in order to support and oversee this series of concurrent task orders.
As of December 2006, SBInet officials told us that they have assigned
lead staff for the task orders that have been awarded.
* Legislative condition 4: Report on costs incurred, the activities
completed, and the progress made by the program in terms of obtaining
operational control of the entire border of the United States
(partially satisfied).
The SBInet expenditure plan and related documentation discussed how
approximately $1.5 billion will be allocated to SBInet activities. For
example, about $790 million is allocated for the Tucson Border Patrol
sector and $260 million for the Yuma sector in Arizona.[Footnote 3]
However, the plan did not include costs incurred to date mainly because
SBInet activities are in the early stages of implementation and costs
had not yet been captured by DHS's accounting system (e.g., the SBInet
systems integration contract was awarded in September 2006 and the
first two task orders were awarded in September and October 2006).
Moreover, the expenditure plan did not include a baseline measure of
miles under control of the border.[Footnote 4] While the plan did not
discuss progress made to date by the program to obtain control of the
border, related program documents, such as the bimonthly SBI reports to
Congress, included information on the number of miles under control in
the southwest border. According to the November 2006 bimonthly report,
as of August 2006, 284 miles of the southwest border are under control.
* Legislative condition 5: Include a certification by DHS's Chief
Procurement Officer (CPO) that procedures to prevent conflicts of
interest between the prime integrator and major subcontractors are
established and a certification by DHS's Chief Information Officer
(CIO) that an independent verification and validation agent is
currently under contract for the project (satisfied).
On November 30, 2006, DHS's CPO certified that the prime integrator had
established procedures to prevent conflicts of interest between it and
its major subcontractors and that DHS is developing a process to
monitor and oversee implementation of the prime integrator's
procedures. Also, on November 30, 2006, DHS's Deputy CIO certified that
the SBInet program had contracted with a private company as the interim
independent verification and validation (IV&V) agent. However, this
company is also responsible for performing program activities,
including requirements management and test and evaluation activities
and thus is not independent of all the program's products and processes
that it could review. The Deputy CIO certified that a permanent IV&V
agent is to be selected by February 28, 2007, and that CBP is to
provide information sufficient to determine that this independence
issue has been resolved.
* Legislative condition 6: Comply with all applicable acquisition
rules, requirements, guidelines, and best systems acquisition
management practices of the federal government (partially satisfied).
SBInet is using, at least to some extent, several acquisition best
practices. The extent to which these practices are in use varies, and
outcomes are dependent on successful implementation. However, one
acquisition requirement not followed was that the SBInet systems
integration contract did not contain a specific number of units that
may be ordered or a maximum dollar value. According to the Federal
Acquisition Regulation (FAR),[Footnote 5] indefinite quantity contracts
must specify the maximum quantity of supplies or services the agency
will acquire. This may be stated as a number of units or as a dollar
value. SBI and SBInet officials told us that the contract already
contains a maximum quantity of "6,000 miles of secure U.S. border" and
that this was sufficient to satisfy the FAR requirement. We disagree
because the statement in the contract about the 6,000 miles of secure
border merely reflects the agency's overall outcome to be achieved with
the supplies or services provided but does not specify the maximum
quantity of supplies or services the agency may acquire. We believe
that a maximum quantity or dollar value limit should be included in the
contract in order to ensure that it is consistent with the FAR
requirement.
SBInet's acquisition approach calls for considerable concurrency among
related planned tasks and activities. The greater the degree of
concurrency among related and dependent program tasks and activities,
the greater a program's exposure to cost, schedule, and performance
risks. SBI and SBInet officials told us that they understand the risks
inherent in concurrency and are addressing these risks. However, they
have yet to provide evidence that shows they have identified the
dependencies among their concurrent activities and that they are
proactively managing the associated risk.
Further, the program office did not fully define and implement key
acquisition management processes, such as project planning,
requirements management, and risk management. According to the SBInet
Program Manager, this is due to the priority being given to meeting an
accelerated program implementation schedule. However, the program
office has begun implementing a risk management process and, according
to the Program Manager, plans to develop a plan for defining and
implementing the remaining processes by the spring of 2007.
* Legislative condition 7: Comply with the capital planning and
investment control review requirements established by the Office of
Management and Budget (OMB), including Circular A-11, part 7 (partially
satisfied).
As required by OMB, the plan and related documentation provided a brief
description of SBInet and addressed the program's management structure
and responsibilities for most of the program office's directorates. In
addition, the program office developed a draft privacy impact
assessment and established an earned value management (EVM)
system[Footnote 6] to manage the prime integrator's progress against
cost and schedule goals. However, an OMB-required EVM system had not
been fully implemented because the baselines against which progress can
be measured for the two task orders that had been issued, as of
December 4, 2006, were not yet established. Further, the program office
had not yet developed a system security plan or determined SBInet's
compliance with the DHS enterprise architecture.[Footnote 7]
* Legislative condition 8: Include reviews and approvals by DHS's
Investment Review Board (IRB), the Secretary of Homeland Security, and
OMB (satisfied).
DHS's IRB approved the plan on November 22, 2006; the Secretary of
Homeland Security approved the expenditure plan on November 22, 2006;
and OMB approved the plan on December 4, 2006.
* Legislative condition 9: Include a review by GAO (satisfied).
On December 7, 2006, we briefed the House of Representatives Committee
on Appropriations staff and on December 13, 2006, we briefed the Senate
Committee on Appropriations staff regarding the results of our review.
Conclusions:
The legislatively mandated expenditure plan for SBInet is a
congressional oversight mechanism aimed at ensuring that planned
expenditures are justified, performance against plans is measured, and
accountability for results is ensured. Because the SBInet expenditure
plan lacked sufficient details on such things as planned activities and
milestones, anticipated costs and staffing levels, and expected mission
outcomes, Congress and DHS are not in the best position to use the plan
as a basis for measuring program success, accounting for the use of
current and future appropriations, and holding program managers
accountable for achieving effective control of the southwest border.
Under the FAR, indefinite quantity contracts such as the SBInet
contract must contain the specific number of units that may be ordered
or a maximum dollar value. However, the SBInet contract merely contains
the maximum number of miles to be secured. While SBInet officials
consider this sufficient to satisfy the FAR requirement, a maximum
quantity expressed in units other than the overall outcome to be
achieved or expressed as a dollar value limit would help ensure that
the contract is consistent with this requirement.
DHS's approach to SBInet introduces additional risk because the
program's schedule entails a high level of concurrency. With multiple
related and dependent projects being undertaken simultaneously, SBInet
is exposed to possible cost and schedule overruns and performance
problems. Without assessing this level of concurrency and how it
affects project implementation, SBInet runs the risk of not delivering
promised capabilities and benefits on time and within budget.
Recommendations for Executive Action:
To help ensure that Congress has the information necessary to
effectively oversee SBInet and hold DHS accountable for program
results, and to help DHS manage the SBInet program and ensure that
future SBInet expenditure plans meet the legislative requirements, we
recommend that the Secretary of Homeland Security direct the U.S.
Customs and Border:
Protection Secure Border Initiative Program Management Office Executive
Director to take the following three actions:
* ensure that future expenditure plans include explicit and measurable
commitments relative to the capabilities, schedule, costs, and benefits
associated with individual SBInet program activities;
* modify the SBInet systems integration contract to include a maximum
quantity or dollar value; and:
* re-examine the level of concurrency and appropriately adjust the
acquisition strategy.
Agency Comments:
In written comments on a draft of this report, DHS generally agreed
with our findings and conclusions, but did not agree with our
assessment that the SBInet contract does not contain specific numbers
of units that may be ordered or a maximum dollar value. In addition,
DHS stated that CBP intends to fully satisfy each of the legislative
conditions in the near future to help minimize the program's exposure
to cost, schedule, and performance risks. DHS's written comments are
reproduced in appendix II.
With respect to our recommendations, DHS concurred with two of our
recommendations and disagreed with one. Specifically, DHS concurred
with our recommendation for future expenditure plans to include
explicit and measurable commitments relative to capabilities, schedule,
costs, and benefits associated with individual SBInet program
activities. According to DHS, future SBInet expenditure plans will
include actual and planned progress, report against commitments
contained in prior expenditure plans, and include a section that
addresses and tracks milestones. DHS also concurred with our
recommendation to re-examine the level of concurrency and appropriately
adjust the acquisition strategy. In its written comments, DHS stated
that CBP is constantly assessing the overall program as it unfolds, and
adjusting it to reflect progress, resource constraints, refinements and
changes in requirements, and insight gained from ongoing system
engineering activities. DHS also stated that CBP recognizes the risk
inherent in concurrency and has added this to the program's risk
management database.
DHS did not agree with our recommendation to modify the SBInet
integration contract to include a maximum quantity or dollar value.
According to DHS, the quantity stated in the contract, "6,000 miles of
secure U.S. border," is measurable and is therefore the most
appropriate approach to defining the contract ceiling. We do not agree.
Under the FAR, an agency may use an indefinite delivery/indefinite
quantity contract, such as that used for SBInet, when it is not
possible to determine in advance the precise quantities of goods or
services that may be required during performance of the contract.
Though these types of contracts are indefinite, they are not open-
ended. The FAR requires that indefinite quantity contracts contain a
limit on the supplies or services that may be ordered, stated in terms
of either units or dollars. This limit serves a variety of purposes,
including establishing the maximum financial obligation of the parties.
In our view, the purported maximum used in the SBInet contract, "the
full panoply of supplies and services to provide 6,000 miles of secure
U.S. border," does not allow anyone to calculate with any degree of
certainty what the maximum financial obligation of the parties might
turn out to be since the contract does not make clear the total amount
of supplies or services that would be required to secure even 1 mile of
U.S. border. In order to ensure that the SBInet contract is consistent
with the FAR, we continue to believe that it should be modified to
include a maximum quantity, either units or a dollar value, rather than
the total amount of miles to be secured.
We are sending copies of this report to the Chairman and Ranking
Minority Members of other Senate and House committees that have
authorization and oversight responsibilities for homeland security. We
are also sending copies to the Secretary of Homeland Security, the
Commissioner of Customs and Border Protection, and the Director of the
Office of Management and Budget. Copies of this report will also be
available at no charge on the GAO Web site at http://www.gao.gov.
If you or your staff have any further questions about this report,
please contact Richard Stana at (202) 512-8816 or StanaR@gao.gov.
Contact points for our Offices of Congressional Relations and Public
Affairs may be found on the last page of this report. Key contributors
to this report are listed in appendix III.
Signed by:
Richard M. Stana:
Director, Homeland Security and Justice Issues:
Signed by:
Randolph C. Hite:
Director, Information Technology Architecture and Systems Issues:
Signed by:
William T. Woods:
Director, Acquisition and Sourcing Management:
[End of section]
Appendix I: Briefing to the Subcommittees on Homeland Security, Senate
and House Committees on Appropriations:
Briefing on the Secure Border Initiative's SBInet Expenditure Plan:
Prepared for the House and Senate Appropriations Committees:
December 7 and December 13, 2006:
Briefing Overview:
Objective, Scope, and Methodology:
Results in Brief:
Background:
Findings:
Conclusions:
Recommendations for Executive Action:
Agency Comments and Our Evaluation:
Attachment 1: Scope and Methodology:
Objective, Scope, and Methodology:
Our objective was to determine whether the Secure Border Initiative's
(SBI) SBlnet December 2006 expenditure plan satisfies nine legislative
conditions as required by the Department of Homeland Security
Appropriations Act, 2007.[Footnote 8]
To accomplish our objective, we analyzed the SBI net December 2006
expenditure plan and supporting documentation. We also interviewed
cognizant program officials and contractors. We did not review the
justification for cost estimates included in the expenditure plan. We
conducted our work at Department of Homeland Security's (DHS) U.S.
Customs and Border Protection (CBP) headquarters in the Washington,
D.C., metropolitan area from October 2006 to December 2006, in
accordance with generally accepted government auditing standards.
Details of our scope and methodology are provided in attachment 1.
Results in Brief:
Satisfaction of legislative conditions:
Legislative condition: 1. Defines activities, milestones, and costs for
implementing the program;
Status[Footnote 9]: Partially satisfied.
Legislative condition: 2. Demonstrates how activities will further the
goals and objectives of the Secure Border Initiative, as defined in the
SBI multi-year strategic plan;
Status[Footnote 9]: not satisfied.
Legislative condition: 3. Identifies funding and the organization
staffing (including full-time equivalents, contractors, and detailees)
requirements by activity;
Status[Footnote 9]: Satisfied.
Legislative condition: 4. Reports on costs incurred, the activities
completed, and the progress made by the program in terms of obtaining
operational control of the entire border of the United States;
Status[Footnote 9]: Partially satisfied.
Legislative condition: 5. Includes a certification by DHS‘s Chief
Procurement Officer that procedures to prevent conflicts of interest
between the prime integrator and major subcontractors are established
and a certification by DHS‘s Chief Information Officer that an
independent verification and validation agent is currently under
contract for the project;
Status[Footnote 9]: Satisfied.
Legislative condition: 6. Complies with all applicable acquisition
rules, requirements, guidelines, and best systems acquisition
management practices of the federal government;
Status[Footnote 9]: Partially satisfied.
Legislative condition: 7. Complies with the capital planning and
investment control review requirements established by the Office of
Management and Budget (OMB), including Circular A–11, part 7;
Status[Footnote 9]: Partially satisfied.
Legislative condition: 8. Is reviewed and approved by DHS‘s Investment
Review Board[Footnote 10], the Secretary of Homeland Security, and OMB;
Status[Footnote 9]: Satisfied.
Legislative condition: 9. Is reviewed by GAO;
Status[Footnote 9]: Satisfied.
Source: GAO analysis of DHS data.
[End of Table]
Background:
SBI is a comprehensive, multi-year program sponsored by the Secretary
of Homeland Security, to secure U.S. borders and reduce illegal
immigration. SBI's mission is to promote border security strategies
that protect against and prevent terrorist attacks and other
transnational crimes.
Elements of SBI will be carried out by several organizations within
DHS. Under SBI is SBI net, the program within CBP responsible for
developing a comprehensive border protection system (see fig. 1). SBI
net will lead the effort to ensure the proper mix of personnel (e.g.,
program staff and Border Patrol agents), tactical infrastructure, rapid
response capability, and technology are deployed along the border.
Figure #1: SBI Organizational Chart:
[See PDF for Image]
Source: GAO Analysis of DHS data.
[End of figure]
DHS defines control of U.S. borders as the ability to:
1. detect illegal entries into the United States;
2. identify and classify these entries to determine the level of threat
involved;
3. efficiently and effectively respond to these entries; and:
4. bring events to a satisfactory law enforcement resolution.
The initial focus of SBlnet will be on southwest border investments and
areas between the ports of entry that CBP has designated as having the
highest need for enhanced border security due to serious
vulnerabilities. Figure 2 shows the topography, interstate highways,
and some major secondary roads along the southwest border.
Figure 2: Topography and Road Systems along the Southwest Border:
[See PDF for image]
Source: GAO.
Note: The U.S.-Mexican border is denoted by the black line that starts
at the far left in San Diego, California, and that moves to the far
right, ending at Brownsville, Texas.
[End of figure]
In September 2006, after a full and open competition source selection,
Boeing was awarded an Indefinite Delivery/Indefinite Quantity (IDIQ)
contract for 3 years, with three 1-year options. The minimum dollar
amount is $2 million; the maximum is stated as "the full panoply of
supplies and services to provide 6,000 miles of secure U.S. border."
Boeing's solution will include a variety of sensors, communications
systems, information technology, tactical infrastructure (roads,
barriers, and fencing), and command and control capabilities to enhance
situational awareness of the responding officers (see fig. 3.) The
solution will also include the development of a common operating
picture (COP) that will provide uniform data, through a command center
environment, to all DHS agencies and be interoperable with stakeholders
external to DHS.
Figure 3: Existing Technology along the Border:
[See PDF for image]
Source: CBP.
[End of figure]
DHS's acquisition process for major investments consists of 5 decision
milestones and requires Investment Review Board approval at key
decision points (see fig. 4).
Figure 4: DHS's Acquisition Process:
[See PDF for image]
Source: DHS.
[End of figure]
Legislative condition #1: Defines Activities, Milestones, and Costs
(Partially Satisfied):
The expenditure plan, including related documentation and program
officials' statements, partially satisfied the condition to define
activities, milestones, and costs for implementing the program.
The SBInet expenditure plan should include sufficient details of
planned activities, milestones, and costs for Congress and DHS to be
assured that planned use of current and future appropriations offer a
reasonable expectation of achieving operational control of the U.S
border, and to provide a basis for measuring program success and
holding program managers accountable.
DHS estimates that the total cost for completing the acquisition phase
for the southwest border is $7.6 billion from FY2007 through FY2011.
* $5.1 billion is for the design, development, integration and
deployment of fencing, roads, vehicle barriers, sensors, radar units,
and command, control, and communications and other equipment.
* $2.5 billion is for integrated logistics and operations support
during the acquisition phase for the southwest border.
DHS expects to have control of the southwest border by October 2011.
DHS officials have yet to provide draft implementation plans by
southwest border sectors and years for FY2007-FY2011.
The expenditure plan does not include activities, milestones, or costs
for the northern border. According to DHS, work on the northern border
is not projected to begin before FY2009.
The expenditure plan provides a general breakdown of how funds will be
allocated to SBInet's activities.[Footnote 11] See table 1.
Table 1: SBlnet Funding Allocations FY2005-FY2007 (in thousands):
Activity: Management task order;
FY2005: $36,800;
FY2006 Supplemental: [Empty];
FY2007: $13,066;
Total: $49,866.
Activity: Project 28;
FY2005: [Empty];
FY2006 Supplemental: $20,000;
FY2007: [Empty];
Total: $20,000.
Activity: Common operating picture;
FY2005: [Empty];
FY2006 Supplemental: [Empty];
FY2007: $100,000;
Total: $100,000.
Activity: Tucson sector;
FY2005: [Empty];
FY2006 Supplemental: $60,000;
FY2007: $729,359;
Total: $789,359.
Activity: Yuma sector;
FY2005: [Empty];
FY2006 Supplemental: $204,609;
FY2007: $55,075;
Total: $259,684.
Activity: Yuma and Tucson Tactical Infrastructure;
FY2005: [Empty];
FY2006 Supplemental: $24,391;
FY2007: [Empty];
Total: $24,391.
Activity: Tactical Infrastructure Western Arizona;
FY2005: [Empty];
FY2006 Supplemental: [Empty];
FY2007: $57,823;
Total: $57,823.
Activity: Texas Mobile System;
FY2005: [Empty];
FY2006 Supplemental: [Empty];
FY2007: $20,000;
Total: $20,000.
Activity: San Diego Fence;
FY2005: [Empty];
FY2006 Supplemental: [Empty];
FY2007: $30,500;
Total: $30,500.
Activity: Advanced Technology Development;
FY2005: [Empty];
FY2006 Supplemental: $10,000;
FY2007: [Empty];
Total: $10,000.
Activity: Systems Engineering Support;
FY2005: [Empty];
FY2006 Supplemental: $6,000;
FY2007: $6,000;
Total: $12,000.
Activity: Program Management Office Support;
FY2005: [Empty];
FY2006 Supplemental: [Empty];
FY2007: $55,000;
Total: $55,000.
Activity: Environmental Requirements;
FY2005: [Empty];
FY2006 Supplemental: [Empty];
FY2007: $61,000;
Total: $61,000.
Activity: Other[Footnote 12];
FY2005: [Empty];
FY2006 Supplemental: [Empty];
FY2007: $59,742;
Total: $59,742.
Total;
FY2005: $36,800;
FY2006 Supplemental: $325,000;
FY2007: $1,187,565;
Total: $1,549,362.
Source: GAO analysis of SBlnet Expenditure Plan.
[End of table]
The expenditure plan includes certain milestones, such as starting and
ending dates, for some but not all activities.
For Project 28, the task order has been issued and the milestones are
defined.
In other cases, such as the Tucson and Yuma sector activities,
milestones and costs are preliminary and more likely to change because
they are in the early stages of planning and requirement setting.
According to SBInet officials, factors such as technological,
environmental, and eminent domain constraints can affect the timetables
and costs of these activities.
Figure 5 illustrates some key milestones defined by SBInet officials
for selected activities.
Figure 5: Timeline by selected project:
[See PDF for image]
Source: SBlnet supporting documentation:
[End of figure]
Legislative Condition #2: Demonstrates How Activities will Further the
Goals of SBI's Strategic Plan (Not Satisfied):
The expenditure plan, including related documentation and program
officials' statements, did not satisfy the condition to demonstrate how
activities will further the goals and objectives of the SBI, as defined
in the SBI multi-year strategic plan.
As one component of a larger initiative, the SBlnet expenditure plan
needs to demonstrate the linkage between its individual activities and
the objectives of SBI.
The expenditure plan discusses the goals and objectives of four
strategic plans: DHS, SBI, CBP, and SBI net. (See table 2.)
However, the plan does not directly link the SBI net activities to
these goals and objectives. As a result, Congress is not in a position
to understand how SBInet's activities contribute to SBI's goals and
objectives.
Table 2: SBlnet Strategic Alignment of Goals:
DHS Strategic Plan: Objective 2.1: Secure our borders against
terrorists, means of terrorism, illegal drugs, and other illegal
activity;
DHS Secure Border Strategic Plan: Goal 1: Gain effective control of the
borders;
CBP Strategic Plan: Objective 2.2: Maximize border security, along the
northern, southern and coastal borders, through an appropriate balance
of personnel, equipment, technology, communications capabilities and
tactical infrastructure;
SBInet Strategic Plan: Strategic Goal #1: Ensure border security by
providing resources and capabilities to gain and maintain control of
the nation's borders at and between Ports of Entry.
DHS Strategic Plan: Objective 2.3: Provide operational end users with
the technology and capabilities to detect and prevent terrorist
attacks, means of terrorism and other illegal activities;
DHS Secure Border Strategic Plan: Goal 1.1: Develop and deploy the
optimal mix of personnel, infrastructure, technology and response
capabilities to identify, classify and interdict cross-border
violators;
CBP Strategic Plan: Objective 3.2: Develop and implement policy,
management, operations, infrastructure and training initiatives to
integrate frontline border enforcement personnel;
SBInet Strategic Plan: Strategic Goal #2: Lead development and
Deployment of a COP.
DHS Strategic Plan: Objective 7.4: Improve the efficiency and
effectiveness of the Department, ensuring taxpayers get value for their
tax dollars;
DHS Secure Border Strategic Plan: Core enabler: Strengthen DHS
management efforts;
CBP Strategic Plan: Objective 6.2: Improve asset acquisition and
management methods and procedures, ensuring the effective procurement
of supplies, services, and equipment in alignment with the CBP mission,
goals, and priorities;
SBInet Strategic Plan: Strategic Goal #3: Provide Responsible
Acquisition Management.
Source: SBlnet Expenditure Plan.
[End of table]
Legislative Condition #3: Identifies Funding and:
Staffing Requirements by Activity (Satisfied):
The expenditure plan, including related documentation and program
officials' statements, satisfied the condition to identify funding and
the organization staffing (including full-time equivalents,
contractors, and detailees) requirements by activity.
The expenditure plan should identify funding[Footnote 13] and staffing
requirements with sufficient detail to provide reasonable assurance to
Congress that government oversight of planned major expenditures will
be adequate to minimize the risk of inefficient or wasteful spending.
SBInet activities will be executed through a series of task orders. The
SBInet program plans to rely on a mix of government and contractor
staff to manage the program.
As of December 2006, SBInet officials told us that they have assigned
lead staff for the task orders that have been awarded. In addition,
SBInet officials told us that their human capital strategy, scheduled
to be finalized in December, will provide more details on staffing and
expertise needed for the program.
The SBI net program is managed by the SBInet Program Management Office
(PMO). The PMO reports to the CBP SBI Program Executive Director. The
PMO plans to nearly triple its current workforce by September 2007 in
order to support and oversee a planned series of concurrent task
orders. (See fig. 6.)
SBI and SBI net officials expressed concerns about difficulties in
finding an adequate number of staff with the required expertise to
support planned activities. Staffing shortfalls could limit government
oversight efforts.
Figure 6: CBP SBI and SBlnet Current and Projected Personnel:
[See PDF for image]
Notes: Current Staff is as of December 2006. Projected Staff is as of
September 30, 2007.
Source: GAO analysis of data in SBInet's expenditure plan.
[End of figure]
Legislative Condition #4: Reports on Costs Incurred, Activities
Completed and Progress to Date (Partially Satisfied):
The expenditure plan, including related documentation and program
officials' statements, partially satisfied the condition to report on
costs incurred, the activities completed, and the progress made by the
program in terms of obtaining operational control of the entire border
of the United States.
The expenditure plan should include a baseline measure of operational
control of the border in order to inform Congress on the level of
progress already achieved.
The plan and supporting documentation discusses allocations but not
costs incurred.
Examples of activities completed to date:
1. Systems integration contract was awarded in September 2006.
2. Two task orders have been awarded:
* Program Management/Systems Engineering - $36.5 million (September
2006):
* Project 28 - $20 million (October 2006):
The plan does not discuss progress to date made by the program to
obtain operational control of the border. The bi-monthly SBI reports to
Congress include baseline information.
Legislative Condition #5: Includes Certifications by CPO and CIO
(Satisfied):
The expenditure plan, including related documentation and program
officials' statements, satisfied the condition to include a
certification by DHS's Chief Procurement Officer that procedures to
prevent conflicts of interest between the prime integrator and major
subcontractors are established and a certification by DHS's Chief
Information Officer that an independent verification and validation
agent is currently under contract for the project.
On November 30, 2006, DHS's Chief Procurement Officer certified that
the prime integrator has established procedures to prevent conflicts of
interest between it and its major subcontractors and that DHS is
developing a process to monitor and oversee implementation of the prime
integrator's procedures.
On November 30, 2006, DHS's Deputy Chief Information Officer certified
the SBInet program has contracted with a private corporation as the
interim Independent Verification and Validation (IV&V) Agent. However,
this corporation is also responsible for the program's requirements
management and test and evaluation activities and thus is not
independent of all the program's products and processes that it could
review. The Deputy CIO certified that a permanent IV&V agent is to be
selected by February 28, 2007.
Legislative Condition #6: Complies with Acquisition Rules and
Requirements (Partially Satisfied):
The plan, including related documentation and program officials'
statements, partially satisfied the condition to comply with applicable
acquisition rules, requirements, guidelines, and best systems
acquisition management practices of the federal government, such as the
DHS's acquisition guidelines, Federal Acquisition Regulation, and the
Software Engineering Institute's acquisition guidance and practices.
DHS Acquisition Guidelines:
SBInet is using, at least to some extent, several of the best practices
or "Guiding Principles" in DHS Management Directive 1400, including:
Competition:
Earned Value Management:
Performance-based contracting:
Spiral Development:
Risk Management:
The extent to which these practices are in use varies, and outcomes are
dependent on successful implementation.
Federal Acquisition Regulation (FAR):
Under FAR Part 16, indefinite quantity contracts must specify the
maximum quantity of supplies or services the agency will acquire. These
may be stated as number of units or dollars.
The SBInet contract does not contain specific numbers of units that may
be ordered or a maximum dollar value.
Other Issues:
Fee Structure: The Program Management Task Order includes a relatively
high base fee of 5 percent. By comparison, the Department of Defense
regulations and the National Aeronautics and Space Administration
guidance generally limit base fees to 3 percent or less. Conversely,
our experience in reviewing contract matters shows that the award fee
of 3 percent may not be high enough relative to the base fee to
motivate higher levels of performance. DHS officials said that they
will establish an appropriate fee structure when issuing future task
orders.
Concurrency: The greater the degree of concurrency among related and
dependent program tasks and activities, the greater a program's
exposure to cost, schedule, and performance risks. As shown on slide
17, DHS plans call for considerable concurrency among SBInet planned
tasks and activities that are related, such as the lessons learned from
the Project 28 task order that are to be incorporated in the sector
task orders and the program management task order that is to establish
the capabilities to manage and oversee all of the other task orders.
According to program officials, risks associated with concurrency are
being managed. However, we have yet to receive information showing that
the program has defined task and activity dependencies and
relationships, and the risk inventory does not include a risk related
to concurrency.
Software Engineering Institute Acquisition Guidance:
The Software Engineering Institute's recognized guidance on system
acquisition practices provides a management framework based on
disciplined and rigorous processes for planning, managing, and
controlling the acquisition of information technology (IT) resources.
These processes include, among others, acquisition management, project
planning, project monitoring and control, requirements management,
measurement and analysis, process and product quality assurance, and
risk management.
The program management office has not fully defined and implemented all
of these key acquisition management processes.
According to the SBInet Program Manager, these processes have not been
fully defined and implemented because of a lack of time due to the
priority to meet a tight program implementation schedule. He further
stated that he plans to develop a plan for defining and implementing
these processes. The plan is to be incorporated in a revised Program
Management Plan (PMP), which is to be available in the spring of 2007.
The program office has defined and begun implementing one of these
process areas --risk management.
The program office developed a draft risk management plan, dated
September 29, 2006. This draft plan addressed, among other things, a
process for identifying, analyzing, mitigating, tracking, and
controlling risks. As part of its process, the program office has
established a governance structure, which includes a Risk Review Board
(RRB) that is chaired by the SBInet Program Manager. According to the
SBInet Risk Manager, a draft RRB charter has been developed, although
we have yet to receive it.
The program office has also begun implementing its process. For
example, it has developed a risk management database that identifies
for each risk, among other things, the status, priority, probability of
occurrence, the overall impact, consequence, and a mitigation strategy.
The risk inventory, which was provided to us on November 6, 2006,
identified 30 risks, of which 11 are designated as high risks and 2 are
designated as issues - understanding overall program cost and program
management office staffing. According to the SBInet Program Manager, an
issue is a risk that has been realized. He further stated that the
program cost issue is to be closed, but the program management office
staffing issue is still open.
Examples of other high risks include:
* Timely completion of environmental risk assessments,
* Early definition of tactical infrastructure requirements, and:
* Success of 8-month milestone for Project 28.
Legislative Condition #7: Complies with Capital Planning and Investment
Control Review Requirements (Partially Satisfied):
The plan, including related program documentation and program
officials' statements, partially satisfied the Capital Planning and
Investment Control (CPIC) review requirements established by OMB,
including Circular A-11, part 7, which establishes policy for planning,
budgeting, acquisition, and management of federal capital assets.
Examples of our analysis follow.
A-11 Requirement:
Provide a brief description of the investment and its status in the
CPIC review, including major assumptions made about the investment.
Results of our analysis:
The expenditure plan includes a brief description of SBlnet. The plan
does not describe the status of the investment in the DHS CPIC process,
but indicates that SBlnet is being managed using a CPIC framework.
However, it is unclear where SBlnet is in the CPIC process.
According to the SBlnet DHS Joint Requirements Council and IRB briefing
document for fiscal year 2007, dated November 22, 2006, the program
office plans to implement the CPIC process on an annual basis.
According to the SBlnet Program Manager, SBlnet projects are at various
stages in the acquisition life cycle. As a result, the program office
plans to combine multiple projects into a single decision milestone
that is to occur on an, at least, annual basis.
A-11 Requirement:
Describes the management structures, responsibilities, and
qualifications that contribute to achievement of cost, schedule, and
performance goals.
Results of our analysis:
The expenditure plan and other documentation address the management
structures and responsibilities. Specifically, the program office
includes six line and four staff directorates reporting to the SBlnet
Program Manager. The management structure also includes the use of
integrated project teams that consist of subject matter experts from a
variety of disciplines required to effectively manage an acquisition
project.
The draft Program Management Plan, dated September 18, 2006, identified
responsibilities for five of the six program office line directorates,
and for two of the four staff directorates. The plan also identified
responsibilities for some, but not all, divisions within each of the
directorates. For example, the plan describes the responsibilities of
the Mission Engineering Directorate, but it does not describe the
responsibilities for the five divisions within the Directorate.
We have not yet seen any documentation that describes the
qualifications of the program office staff.
A-11 Requirement:
Provide a summary of the investment's risk assessment, including how 19
OMB-identified risk elements are being addressed.
Results of our analysis:
The program office has defined and begun implementing a risk management
process, and developed a risk database that addresses 13 of the 19 OMB-
identified risk. The risk elements that are not addressed include
privacy and technical obsolescence.
A-11 Requirement:
Provides a summary of the investment's status in accomplishing baseline
cost and schedule goals through the use of an earned value management
(EVM) system or operational analysis, depending on the life- cycle
stage.
Results of our analysis:
The program office is currently relying on the prime integrator's EVM
system to manage the prime contractor's progress against cost and
schedule goals. The prime integrator's EVM system has been
independently certified as meeting established standards.
However, the EVM system has not yet been fully implemented because the
baselines against which progress can be measured for the two task
orders that have been issued to date has not yet been established.
According to program officials, these baselines will be established for
the program management task order and the Project 28 task order in mid-
December 2006 and mid-January 2007, respectively.
A-11 Requirement:
Demonstrates that the investment is included in the agency's enterprise
architecture and CPIC process.
Results of our analysis:
The expenditure plan did not include a discussion of the program
office's activities in regard to the DHS enterprise architecture.
Moreover, according to program officials, the program office has not
yet determined if SBInet is aligned with the architecture. According to
these officials, SBInet is to be reviewed by the Enterprise
Architecture Center of Excellence, which is the DHS entity that
determines enterprise architecture alignment, by the end of December
2006.
With respect to the CPIC requirement, the plan does not describe the
status of the investment in the DHS CPIC process, but indicates that it
is being managed using a CPIC framework. Also, as stated previously, it
is unclear where SBInet is in the CPIC process.
A-11 Requirement:
Provides a description of an investment's security and privacy issues.
Summarizes the agency's ability to manage security at the system or
application level. Demonstrates compliance with the certification and
accreditation process, as well as the mitigation of IT security
weaknesses.
Results of our analysis:
The expenditure plan did not include a discussion of security and/or
privacy. According to a program office security specialist, the program
office has not yet developed a system security plan because it is too
early in the system development life cycle. A system security plan is
to be developed as a part of the system certification and accreditation
process.
Regarding privacy, the program office developed a draft privacy impact
assessment dated October 2006. The assessment addresses several, but
not all, of OMB's criteria.[Footnote 14]
Legislative Condition #8: Includes Approvals by IRB,
DHS Secretary and OMB (Satisfied):
The expenditure plan, including related documentation and program
officials' statements, satisfied the condition that the plan be
reviewed and approved by DHS's Investment Review Board, the Secretary
of Homeland Security, and OMB.
DHS's Investment Review Board approved the plan on November 22, 2006.
The Secretary of Homeland Security approved the expenditure plan on
November 22, 2006.
OMB approved the plan on December 4, 2006.
Accountability * Integrity * Reliability:
Legislative Condition #9: Is Reviewed by GAO (Satisfied):
The expenditure plan, including related documentation and program
officials statements, satisfies the condition that the plan be reviewed
by GAO.
The SBInet PMO provided draft versions of the expenditure plan and
supporting documentation.
We conducted our review from October 11, 2006, to December 5, 2006.
Conclusions:
The SBInet December 2006 expenditure plan, including related
documentation and program officials' statements, has satisfied four,
partially satisfied four and not satisfied one of the nine conditions
legislated by the Congress. Satisfying the legislative conditions is
important because the expenditure plan is intended to provide Congress
with the information needed to effectively oversee the program and hold
DHS accountable for program results. Satisfying the legislative
conditions is also important to minimize the program's exposure to
cost, schedule, and performance risks.
DHS's approach to SBInet introduces additional risk because the
program's structure entails a high level of concurrency and lacks a
maximum quantity or dollar value for the integration contract.
The current expenditure plan offers a high-level and partial outline of
a large and complex program that forms an integral component of a
broader multi-year initiative. However, Congress and DHS need
additional details of planned milestones, anticipated interim and final
costs, and staffing to be reasonably assured that the current risk to
the project's cost, schedule, and ultimate effectiveness is minimized.
Recommendations:
To ensure that Congress has the information necessary to effectively
oversee SBInet and hold DHS accountable for program results, and to
help DHS manage the SBInet program and ensure that future SBInet
expenditure plans meet the legislative requirements, we recommend that
the Secretary of Homeland Security direct the U.S. Customs and Border
Protection Secure Border Initiative Program Management Office Executive
Director to take the following three actions:
* ensure that future expenditure plans include explicit and measurable
commitments relative to the capabilities, schedule, costs, and benefits
associated with individual SBInet program activities;
* re-examine the level of concurrency and appropriately adjust the
acquisition strategy; and:
* modify the SBInet systems integration contract to include a maximum
quantity or dollar value.
Agency Comments and Our Evaluation:
In their oral comments on a draft of this briefing, DHS, SBI, and
SBInet officials generally agreed with our findings. However, they did
not agree with our assessment that the expenditure plan did not satisfy
legislative condition #2 which requires the expenditure plan to
demonstrate how activities will further the goals and objectives of
SBI's strategic plan. They stated that all SBI net activities link back
to the overall goal of controlling the border and that the linkage
between program goals and activities is intuitive. We maintain our
position that the requirement has not been satisfied because the plan
and supporting documentation does not directly link SBInet's activities
to SBI's goals and objectives; therefore, Congress is not in a position
to understand how SBInet's activities contribute to these goals and
objectives.
With respect to our recommendations, DHS, SBI, and SBI net officials
agreed with our first recommendation on the need for future expenditure
plans to include explicit and measurable commitments relative to
capabilities, schedule, costs and benefits associated with individual
SBI net program activities. SBI and SBI net officials stated that more
details will be available for future expenditure plans as subsequent
task orders for the program are awarded.
DHS, SBI, and SBInet officials took issue with our second
recommendation that they re-examine the level of concurrency and
appropriately adjust the acquisition strategy. They stated that they
understand the risks inherent in concurrency and are addressing these
risks. However, they have yet to provide evidence that shows they have
identified the dependencies among their concurrent activities and that
their risk management framework considers the issue of concurrency;
therefore, we continue to believe that the level of concurrency should
be proactively addressed through reexamination and appropriate
adjustment of the acquisition strategy.
DHS, SBI and SBInet officials also took issue with our third
recommendation on modifying the SBlnet integration contract to include
a maximum quantity or dollar value. They stated that the contract
already contains a maximum quantity of "6,000 miles of secure U.S.
border" and that this was sufficient to satisfy the FAR requirement. We
disagree and continue to believe that a maximum quantity or dollar
value limit should be included in the integration contract in order to
ensure that it is consistent with FAR requirements.
DHS, SBI and SBInet officials also provided clarifying information that
we incorporated as appropriate in this briefing.
Attachment 1: Scope and Methodology:
To accomplish our objective, we analyzed the SBInet fiscal year 2007
expenditure plan and supporting documentation, comparing them to
relevant federal requirements and guidance, and applicable best
practices.
We reviewed draft versions of the expenditure plan, including versions
1.0 (November 15, 2006); 2.0 (November 27, 2006); and 2.1 (November 29,
2006). We also reviewed the final version of the plan submitted to
Congress on December 4, 2006.
We interviewed DHS, CBP, SBI, and SBInet program officials and
contractors.
We did not review the justification for cost estimates included in the
expenditure plan. In addition, we did not independently verify the
source or validity of the cost information.
We reviewed and assessed available program documentation against
federal and industry acquisition guidelines and practices, such as the
Software Engineering Institute's acquisition management processes and
controls.
We compared available program documentation to capital planning
guidance (OMB-A-11) to determine whether the information complies with
the capital planning and investment controls.
We conducted our work at CBP headquarters in the Washington, D.C.,
metropolitan area from October 2006 to December 2006, in accordance
with generally accepted government auditing standards.
[End of section]
Appendix II: Comments from the Department of Homeland Security:
U.S. Department of Homeland Security:
Washington, DC 20528:
February 5, 2007:
Mr. Richard M. Stana:
Director, Homeland Security and Justice:
Government Accountability Office:
Washington, D. C. 20548:
Dear Mr. Stana:
Thank you for the opportunity to comment on draft report GAO-07-309,
"Secure Border Initiative: SBInet Expenditure Plan Needs to Better
Support Oversight and Accountability."
The U.S. Government Accountability Office (GAO) found that the SBInet
expenditure plan, including related documentation and program
officials' statements, satisfied four legislative conditions, partially
satisfied four legislative conditions, and did not satisfy one
legislative condition. CBP intends to fully satisfy each of these
legislative conditions in the near future in order to minimize the
program's exposure to cost, schedule, and performance risks.
For legislative condition 1: CBP has more detailed information about
the activities, milestones, and cost for implementing the program. When
the plan was submitted to Congress on December 4, 2006, the SBInet
prime integrator (Boeing) had been under contract for less than 90 days
and program plans were in the initial stages of development. Future
expenditure plans will include actual and planned progress towards the
SBInet solution.
For legislative condition 2: One of the goals outlined in the Secure
Border Strategic Plan is to gain effective control of the borders.
Effective control is measured in terms of miles, based on situational
awareness (probability to detect, identify, and classify entries) and
ability to respond. CBP provided documents to GAO under separate cover
that reflects the number of miles of effective control for the Yuma and
Tucson sectors today (baseline), the number of miles of effective
control for FY 2007, and the total number of miles of effective control
at the initial operational capability (IOC).
For legislative condition 4: The GAO indicated in its Briefing on the
SBInet Expenditure Plan that the Plan "should include a baseline
measure of operational control of the border" (slide 24). CBP feels
that the documentation for the 388 miles (see legislative condition 2,
above) satisfies the baseline measure of miles under control of the
border.
For legislative condition 6: CBP recognizes the risk inherent in
concurrency and is focused on managing this risk, not avoiding it. This
has been reflected in our risk management database. Our goal is to
deliver SBInet benefits as soon as possible without taking undue risks.
For legislative condition 7: CBP remains on plan to begin using Earned
Value Management (EVM) on the Program Management task order in mid
February 2007 after a successful Integrated Baseline Review (IBR) has
been conducted.
The DHS Privacy Office has reviewed the Privacy Impact Assessment and
their comments have been incorporated into the document. After a formal
review/coordination cycle, the document will be resubmitted to the DHS
Privacy Office for final review and approval.
CBP agrees that two of the three recommendations are essential to
successful program management, but does not concur with the
recommendation to modify the integration contract to reflect a maximum
quantity. CBP has determined that "miles of secured border" is a
measurable component and that "6,000 miles of secured border" satisfies
the intent of the Federal Acquisition Regulation (FAR), which does not
require a breakdown of what goes into making up that quantity. The
remaining two recommendations have and will continue to be addressed as
part of the Program Management Office's (PMO) efforts to balance
quality, cost, schedule, and accountability for program commitments.
CBP believes the recommendations contained in this report provide
useful and collaborative improvements in SBInet program management and
contract execution. CBP recognizes that attention to details on
activities, milestones and costs are key to a successful program, and
are essential elements of program management. The method for achieving
these goals is detailed in the response to each recommendation.
Recommendation 1: Ensure that future expenditure plans include explicit
and measurable commitments relative to the capabilities, schedule,
costs, and benefits associated with individual SBInet program
activities.
Response: Concur.
CBP will ensure that all future expenditure plans contain the most
accurate information available at the time of publication. The FY 2007
expenditure plan was required to be submitted to Congress within 60
days of enactment of the FY 2007 Department of Homeland Security
Appropriations Act (P.L. 109-295). When the plan was submitted to
Congress on December 4, 2006, the SBInet prime integrator (Boeing) had
been under contract for less than 90 days and program plans were in the
initial stages of development. Future expenditure plans will include
actual and planned progress.
Furthermore, to ensure that Congress is informed of SBInet
developments, future expenditure plans will report progress against
commitments contained in prior expenditure plans. CBP will include a
section in future expenditure plans that addresses and tracks
milestones and other program commitments made in all prior expenditure
plans.
Recommendation 2: Modify the SBInet systems integration contract to
include a maximum quantity or dollar value.
Response: Non-Concur:
The determination has been made to express the maximum quantity for
subject solicitation as "6,000 miles of secured border". CBP has
determined that "miles of secured border" is a measurable component;
therefore, this is deemed the most appropriate approach to defining the
contract ceiling.
Recommendation 3: Re-examine the level of concurrency and appropriately
adjust the acquisition strategy.
Response: Concur:
CBP is constantly assessing the overall program as it unfolds and
adjusting it to reflect progress, resource constraints, refinements and
changes in requirements, and insight gained from on-going system
engineering activities. Our goal is to deliver SBInet benefits as soon
as possible without taking undue risks. While initial activities
(Project 28, Barry M. Goldwater Range Project, Fence Lab) are being
conducted in parallel with the up-front program-level system
engineering, they will serve as risk reduction activities and provide
lessons learned to the main program level activities. The main
implementation projects for SBInet deployments to Sectors and the
Common Operating Picture Project have been aligned to be paced by the
program-level system engineering activities. This will manage
concurrency, not avoid it.
The Department thanks you for the work that was done on this engagement
and the cooperation received from the GAO team under tight timelines.
Sincerely,
Steven J. Pecinovsky:
Director Departmental GAO/OIG Liaison Office:
[End of section]
Appendix III: GAO Contact and Staff Acknowledgments:
GAO Contact:
Richard M. Stana, (202) 512-8816, stanar@gao.gov:
Staff Acknowledgments:
In addition to the person named above, Robert E. White, Assistant
Director; Deborah Davis, Assistant Director; Richard Hung, Assistant
Director; E. Jeanette Espínola; Frances Cook; Katherine Davis; Gary
Delaney; Joseph K. Keener; Sandra Kerr; Raul Quintero; and Sushmita
Srikanth made key contributions to this report.
FOOTNOTES
[1] Pub. L. No. 109-295, 120 Stat. 1355, 1359-60. The Appropriations
Act required that the expenditure plan be submitted within 60 days
after the enactment of the act.
[2] As of December 2006, SBInet personnel included 38 government
employees and 60 contractor staff. Projected personnel as of September
2007 includes 113 government employees and 157 contractors.
[3] The U.S. Border Patrol has 20 sectors responsible for detecting,
interdicting, and apprehending those who attempt to illegally enter or
smuggle people, including terrorists, or contraband, including weapons
of mass destruction, across U.S. borders between official ports of
entry.
[4] DHS defines control of U.S. borders as the ability to: detect
illegal entries, identify and classify entries and determine their
respective level of threat, efficiently and effectively respond, and
bring events to a satisfactory law enforcement action.
[5] FAR 16.504(a)(4)(ii).
[6] EVM is a management tool to help ensure that work performed for a
program or project is consistent with cost and schedule goals.
[7] An enterprise architecture defines how any organization operates
today and how it plans to operate in the future, and it includes a road
map for transitioning between the two sets of operations.
[8] Pub. L. No. 109-295, 120 Stat. 1355, 1359-60. The Appropriations
Act required an expenditure plan to establish a security barrier along
the border of the United States of fencing and vehicle barriers and
other forms of tactical infrastructure and technology. In response to
this requirement, DHS submitted a plan on December 4, 2006, titled
"SBlnet Expenditure Plan," that defines SBlnet as "the component of SBI
charged with developing and installing the technology and tactical
infrastructure solution for border control." The Appropriations Act
also required GAO to review the expenditure plan.
[9] Satisfied means that the plan, in combination with supporting
documentation, either satisfied or provides for satisfying each
requirement of the condition that we reviewed. Partially satisfied
means that the plan, in combination with supporting documentation,
either satisfied or provides for satisfying some, but not all, key
aspects of the condition that we reviewed. Not satisfied means that the
plan, in combination with supporting documentation, does not satisfy
any of the key aspects of the condition that we reviewed.
[10] The purpose of the Investment Review Board is to integrate capital
planning and investment control, budgeting, acquisition and management
of investments. It is also to ensure that spending on investments
directly supports and furthers the mission and that this spending
provides optimal benefits and capabilities to stakeholders and
customers.
[11] According to DHS officials, no FY2006 funds were allocated to
SBlnet activities.
[12] Other includes activities related to test and evaluation,
deployment and installation, and integrated logistics support.
[13] See discussion of legislative condition #1 for a review of planned
activities and costs.
[14] OMB, Guidance for Implementing the Privacy Provisions of the E-
Government Act of 2002, OMB M-03-22 (Sept. 26, 2003).
GAO's Mission:
The Government Accountability Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in meeting
its constitutional responsibilities and to help improve the performance
and accountability of the federal government for the American people.
GAO examines the use of public funds; evaluates federal programs and
policies; and provides analyses, recommendations, and other assistance
to help Congress make informed oversight, policy, and funding
decisions. GAO's commitment to good government is reflected in its core
values of accountability, integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony:
The fastest and easiest way to obtain copies of GAO documents at no
cost is through GAO's Web site (www.gao.gov). Each weekday, GAO posts
newly released reports, testimony, and correspondence on its Web site.
To have GAO e-mail you a list of newly posted products every afternoon,
go to www.gao.gov and select "Subscribe to Updates."
Order by Mail or Phone:
The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or
more copies mailed to a single address are discounted 25 percent.
Orders should be sent to:
U.S. Government Accountability Office 441 G Street NW, Room LM
Washington, D.C. 20548:
To order by Phone: Voice: (202) 512-6000 TDD: (202) 512-2537 Fax: (202)
512-6061:
To Report Fraud, Waste, and Abuse in Federal Programs:
Contact:
Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov
Automated answering system: (800) 424-5454 or (202) 512-7470:
Congressional Relations:
Gloria Jarmon, Managing Director, JarmonG@gao.gov (202) 512-4400 U.S.
Government Accountability Office, 441 G Street NW, Room 7125
Washington, D.C. 20548:
Public Affairs:
Paul Anderson, Managing Director, AndersonP1@gao.gov (202) 512-4800
U.S. Government Accountability Office, 441 G Street NW, Room 7149
Washington, D.C. 20548:
