Homeland Security Grant Program Risk-Based Distribution Methods
Presentation to Congressional Committees - November 14, 2008 and December 15, 2008 Gao ID: GAO-09-168R December 23, 2008This report formally transmits the briefing in response to P.L. 110-329, the Consolidated Security, Disaster Assistance and Continuing Appropriations Act, that required GAO for the fourth year to review the methodology the Department of Homeland Security (DHS) and the Federal Emergency Management Agency (FEMA) use to allocate Homeland Security Grant Program (HSGP) grants, including the risk assessment methodology they use to determine which urban areas are eligible to apply for grants. HSGP includes the State Homeland Security Program (SHSP) and Urban Areas Security Initiative (UASI) grants. Our objective was to identify any changes in the methodology for risk assessment and grant allocation for 2009 and to assess the reasonableness of the methodology. We analyzed DHS and FEMA documents including the fiscal year 2008 and 2009 risk analysis models and grant guidance and interviewed DHS and FEMA officials about the changes in the 2009 model. We did our work between October and December 2008 in accordance with generally accepted government auditing standards. We briefed the mandated reporting committees with two briefings in November 2008 and December 2008 on the results of our analysis.
DHS has adopted a process of continuing improvement in its methods for assessing risk and measuring grant applicants' effective use of resources. SHSP and UASI grant allocations continue to be based on a three-step process: (1) risk assessments to determine areas eligible to apply for grants, (2) effectiveness assessments of the grant applicants' investment justifications, and (3) final grant allocations. The methodology is described in detail in our 2008 report. There were minor changes in the risk assessment for 2009 and no changes in the process used for the effectiveness assessment and final grant allocations. Generally, we found that DHS has constructed a reasonable methodology to assess risk and allocate funds. DHS uses empirical risk analysis and policy judgments to select the urban areas eligible for grants (all SHSP grantees are guaranteed a specified minimum percentage of available grant funds) and to allocate SHSP and UASI funds. DHS continued to include three basic variables in its risk assessment--threat, vulnerability, and consequences. For fiscal year 2009, DHS changed some elements of the inputs used for the threat, economic, and national security indexes used in the model. The value of each of these indices is given a specific weight in the risk assessment (for example, the threat index is weighted at 20 percent and the population index at 40 percent of the final risk score). DHS continued to consider all areas of the nation equally vulnerable to a successful terrorist attack and assigned every state and urban area a vulnerability score of 1.0 in the risk analysis model. Thus, as a practical matter, the final risk scores are determined by the threat and consequences scores. The result of the UASI risk assessment is a list of UASI jurisdictions eligible for grants. A total of 62 urban areas were eligible for grants in 2009 (60 were eligible in 2008). In response to grantee feedback, in 2009, DHS for the first time provided each eligible State and UASI area its estimated target grant allocation in the Fiscal Year 2009 Homeland Security Grant Program Guidance and Application Kit. FEMA believes this change will enable grantees to better target their investment justifications in their grant applications as the amounts requested should more closely match final actual allocations. Applicants may submit applications for up to 110 percent of their targeted allocation. Final 2009 allocations will be based on the targeted allocations as adjusted by applicants' effectiveness scores, up to a maximum of plus or minus 10 percent of their targeted allocation. As in 2008, the seven urban areas with the highest risk scores (Tier I) will be collectively allocated 55 percent of total available fiscal year 2009 funds and the remaining 55 urban areas (Tier II) will be collectively allocated 45 percent.
GAO-09-168R, Homeland Security Grant Program Risk-Based Distribution Methods: Presentation to Congressional Committees - November 14, 2008 and December 15, 2008
This is the accessible text file for GAO report number GAO-09-168R
entitled 'Homeland Security Grant Program Risk-Based Distribution
Methods: Presentation to Congressional Committees - November 14, 2008
and December 15, 2008' which was released on December 24, 2008.
This text file was formatted by the U.S. Government Accountability
Office (GAO) to be accessible to users with visual impairments, as part
of a longer term project to improve GAO products' accessibility. Every
attempt has been made to maintain the structural and data integrity of
the original printed product. Accessibility features, such as text
descriptions of tables, consecutively numbered footnotes placed at the
end of the file, and the text of agency comment letters, are provided
but may not exactly duplicate the presentation or format of the printed
version. The portable document format (PDF) file is an exact electronic
replica of the printed version. We welcome your feedback. Please E-mail
your comments regarding the contents or accessibility features of this
document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
GAO-09-168R:
United States Government Accountability Office:
Washington, DC 20548:
December 23, 2008:
Congressional Committees:
Subject: Homeland Security Grant Program Risk-Based Distribution
Methods: Presentation to Congressional Committees - November 14, 2008
and December 15, 2008:
This report formally transmits the attached briefing in response to
P.L. 110-329, the Consolidated Security, Disaster Assistance and
Continuing Appropriations Act, that required GAO for the fourth year to
review the methodology the Department of Homeland Security (DHS) and
the Federal Emergency Management Agency (FEMA) use to allocate Homeland
Security Grant Program (HSGP) grants, including the risk assessment
methodology they use to determine which urban areas are eligible to
apply for grants. HSGP includes the State Homeland Security Program
(SHSP) and Urban Areas Security Initiative (UASI) grants. Our objective
was to identify any changes in the methodology for risk assessment and
grant allocation for 2009 and to assess the reasonableness of the
methodology. We analyzed DHS and FEMA documents including the fiscal
year 2008 and 2009 risk analysis models and grant guidance and
interviewed DHS and FEMA officials about the changes in the 2009 model.
We did our work between October and December 2008 in accordance with
generally accepted government auditing standards. We briefed the
mandated reporting committees with two briefings in November 2008 and
December 2008 on the results of our analysis. A copy of the final
briefing is enclosed.
DHS has adopted a process of continuing improvement in its methods for
assessing risk and measuring grant applicants' effective use of
resources. SHSP and UASI grant allocations continue to be based on a
three-step process: (1) risk assessments to determine areas eligible to
apply for grants, (2) effectiveness assessments of the grant
applicants' investment justifications, and (3) final grant allocations.
The methodology is described in detail in our 2008 report.[Footnote 1]
There were minor changes in the risk assessment for 2009 and no changes
in the process used for the effectiveness assessment and final grant
allocations. Generally, we found that DHS has constructed a reasonable
methodology to assess risk and allocate funds. DHS uses empirical risk
analysis and policy judgments to select the urban areas eligible for
grants (all SHSP grantees are guaranteed a specified minimum percentage
of available grant funds) and to allocate SHSP and UASI funds.
DHS continued to include three basic variables in its risk assessment-
-threat, vulnerability, and consequences. For fiscal year 2009, DHS
changed some elements of the inputs used for the threat, economic, and
national security indexes used in the model. The value of each of these
indices is given a specific weight in the risk assessment (for example,
the threat index is weighted at 20 percent and the population index at
40 percent of the final risk score). DHS continued to consider all
areas of the nation equally vulnerable to a successful terrorist attack
and assigned every state and urban area a vulnerability score of 1.0 in
the risk analysis model. Thus, as a practical matter, the final risk
scores are determined by the threat and consequences scores.
The result of the UASI risk assessment is a list of UASI jurisdictions
eligible for grants. A total of 62 urban areas were eligible for grants
in 2009 (60 were eligible in 2008). In response to grantee feedback, in
2009, DHS for the first time provided each eligible State and UASI area
its estimated target grant allocation in the Fiscal Year 2009 Homeland
Security Grant Program Guidance and Application Kit. FEMA believes this
change will enable grantees to better target their investment
justifications in their grant applications as the amounts requested
should more closely match final actual allocations. Applicants may
submit applications for up to 110 percent of their targeted allocation.
Final 2009 allocations will be based on the targeted allocations as
adjusted by applicants' effectiveness scores, up to a maximum of plus
or minus 10 percent of their targeted allocation. As in 2008, the seven
urban areas with the highest risk scores (Tier I) will be collectively
allocated 55 percent of total available fiscal year 2009 funds and the
remaining 55 urban areas (Tier II) will be collectively allocated 45
percent.
We are not making any new recommendations for congressional
consideration or agency action. However, we note that DHS has not taken
action to address our recommendation from last year's report that "the
Secretary of DHS formulate a method to measure vulnerability that
captures variations across states and urban areas, and apply this
vulnerability measure in future iterations of this risk-based grant
allocation model." FEMA and DHS concurred with the recommendation. In
its comments on a draft of our briefing slides, FEMA officials stated
that their ability to make a substantial change to the vulnerability
calculation was limited by (1) the timing of the fiscal year 2009 roll-
out "on the heels" of the fiscal year 2008 allocations and (2) DHS
leadership's desire to minimize year-to-year changes. We continue to
believe that FEMA should formulate a method to measure vulnerability
that captures variations across jurisdictions. DHS has completed
vulnerability assessments for critical infrastructure and surface
transportation modes that could be of potential use in assessing
variations in vulnerability across jurisdictions.
FEMA's officials also told us that the Grant Directorate is developing
a Cost-to-Capability (C2C) initiative that could, among its other
purposes, potentially serve as a proxy measure for vulnerability to an
international terrorist incident. Still in its early stages, C2C
focuses on efforts to measure a jurisdiction's capability to prevent
and respond to various types of disasters compared to a target level of
capability. To measure capability, the C2C initiative will use DHS's 15
National Planning Scenarios of terrorist and nonterrorist disaster
incidents, and the target capabilities developed using those scenarios.
Those target capabilities are currently being revised. With regard to
vulnerability, the concept behind C2C is that the more capable an area
is to prevent and respond to a terrorist attack, the less vulnerable it
is. However, as designed, C2C results will not directly measure
vulnerability. In its agency comments FEMA noted that the extent to
which C2C will help measure vulnerability is yet to be determined.
We are sending copies of this report to the appropriate congressional
committees, the Secretary of Homeland Security, and other interested
parties. This report will also be available at no charge on our Web
site at [hyperlink, http://www.gao.gov]. Should you or your staff have
any questions concerning this report, please contact me at (202) 512-
8757 or jenkinsWO@gao.gov. Contact points for our Offices of
Congressional Relations and Public Affairs may be found on the last
page of this report. Key contributors to this report were Chris
Keisling, Assistant Director; Charles Bausell, Assistant Director; John
Vocino; Orlando Copeland; and Perry Lusk.
Signed by:
William O. Jenkins:
Director, Homeland Security and Justice Issues:
List of Committees:
The Honorable Robert C. Byrd, Chairman:
The Honorable Thad Cochran, Ranking Member:
Committee on Appropriations:
United States Senate:
The Honorable David R. Obey, Chair:
The Honorable Jerry Lewis, Ranking Member:
Committee on Appropriations:
House of Representatives:
[End of section]
Enclosure: Briefing Slides:
Homeland Security Grant Program (HSGP) Risk-Based Distribution Methods:
Presentation to Congressional Committees:
November 14, 2008 and December 15, 2008:
Introduction:
According to the Department of Homeland Security (DHS):
* DHS will make available approximately $1.7 billion to states and
urban areas through its FY 2009 Homeland Security Grant Program (HSGP)
to prevent, protect against, respond to, and recover from acts of
terrorism or other catastrophic events.
* The HSGP risk-based allocation process is used for the State Homeland
Security Program (SHSP) and Urban Areas Security Initiative (UASI).
* DHS‘s grant programs are managed by the Federal Emergency Management
Agency‘s (FEMA) Grants Program Directorate.
Objectives:
Since FY 2006, GAO has responded to a legislative mandate to review the
grant program and assess its allocation method.
This year we are addressing the following question:
* What methodology did DHS use to allocate HSGP funds, including any
changes DHS made to the eligibility and allocation processes, and how
reasonable is DHS‘s methodology?
Scope and Methodology:
We analyzed DHS documents including the FY 2008 and FY 2009 risk
analysis models and grant guidance, and interviewed DHS officials
about:
* The changes, if any, to the HSGP FY 2009 grant eligibility and
allocation processes:
- The process by which DHS‘s risk analysis model is used to estimate
relative risk: Risk = Threat x ’Vulnerability & Consequences.“
- How the effectiveness assessment process is conducted.
- How final allocation decisions are made.
We did our work from October 2008 to December 2008 in accordance with
generally accepted government auditing standards.
We initially briefed congressional staff on November 14, 2008, adding
information on the Cost-to-Capability initiative for the December 15
briefing.
Results in Brief:
Our 2009 review found that compared to 2008:
* There was no change in DHS‘s basic approach.
* Allocation method remains reasonable, but Vulnerability measure
remains limited.
* DHS used same three-step process: (1) risk analysis to determine
eligible UASI areas, (2) effectiveness assessment of applicants‘
investment proposals, and (3) final allocation decisions.
- Risk analysis model = minimal changes.
- Criteria for one Threat Index tier changed.
- Data source within Economic Index changed; two sources added in
National Security Index.
- Risk analysis results in list of UASI areas eligible for funding. New
in FY 2009, DHS provided grantees their estimated target allocations in
the Homeland Security Grant Program Guidance and Application Kit.
- Effectiveness assessment process = no changes.
- Final grant allocation = no changes.
Background:
We‘ve reviewed this program for the last four grant cycles. In previous
reviews we reported:
* Inherent uncertainty is associated with estimating risk of terrorist
attack, requiring the application of policy and analytic judgments. The
use of sensitivity analysis can help to gauge what effects key sources
of uncertainty have on outcomes.
* DHS has adopted a process of ’continuing improvement“ to its methods
for estimating risk and measuring applicants‘ effectiveness.
Background: Evolution of DHS‘s Risk-Based Formula:
Figure: Timeline:
[Refer to PDF for image]
Department of Justice-run program: 2001;
9/11/2001: Begin Stage 1;
Stage 1: R=P; Fiscal years 2001-2003;
10/26/2001: USA Patriot Act;
11/25/2002: Homeland Security Act.
Stage 2: R=T+Cl+PD; Fiscal years 2004-2005;
Stage 3: R=T*V*C*; Fiscal year 2006.
Stage 4: R=T* "V&C"; Fiscal years 2007-2008;
08/03/2008: 9/11 Act.
Source: GAO analysis based on Congressional Research Service.
Definitions for the formulas above:
R=P: represents Risk equals population;
R=T+Cl+PD: represents Risk equals Threat plus Critical Infrastructure
plus Population Density;
R=T*V*C*: represents Risk equals Threat times Vulnerability times
Consequences;
R=T* "V&C": represents DHS's presentation of the risk calculation
formula used in their risk analysis model for 2007-2009.
[End of figure]
Background: Overview of the HGSP Grant Determination Process (UASI and
SHSP):
Since 2006, DHS has applied a three-step process”using analytical
methods and policy judgments”to select eligible urban areas and
allocate SHSP and UASI funds:
1. Use of a risk analysis formula (R = T times ’V&C“) with the same
basic indices (e.g., threat, economic), and weights results in list of
eligible UASI areas.
2. Implementation of an effectiveness assessment, including a peer
review process, to assess and score the effectiveness of the proposed
investments submitted by the eligible applicants.
3. Calculation of a final allocation of funds based on state‘s and
urban areas‘ risk scores as adjusted by their effectiveness scores.
Background: Overview of the Grant Allocation Methodology for UASI and
SHSG:
Figure: Grant Allocation Methodology for UASI and SHSG:
[Refer to PDF for image]
UASI:
Phase I: Risk Analysis;
Relative risk estimate; produces risk score for urban areas;
Phase II: Effectiveness assessment:
Peer review of investment justifications;
Effectiveness score is produced;
Phase III: Final allocation;
Effectiveness/risk matrix is used to determine grant allocation.
SHSP:
Phase I: Risk Analysis;
Relative risk estimate; produces risk score for states and territories;
Phase II: Effectiveness assessment:
Peer review of investment justifications;
Effectiveness score is produced;
Phase III: Final allocation;
Effectiveness/risk matrix is used to determine grant allocation;
Statutory minimum: .365%[A].
Source: GAO analysis of DHS documents and information provided in
interviews.
[A] Statutory minimum for FY 2009: 0.365% of the total amount of funds
appropriated for SHSP plus IASI grants.
[End of figure]
Risk Analysis in FY 2009: Model Used in Determining Relative Risk
Scores:
Figure: Model Used in Determining Relative Risk Scores:
[Refer to PDF for image]
Risk equals: Threat Index times Vulnerability and Consequence Index.
Components of Threat Index:
* Data: Ongoing plotlines, credible reporting, relevant investigations
to create threat tiers;
* Source: Intelligence Community reporting.
Components of Vulnerability and Consequence Index V&C=(P+E+I+N):
* Population Index:
Data: Population (nighttime, Commuter, Visitor) and Population Density;
Source: Census, Smith Travel.
* Economic Index:
Data: Gross Domestic Product;
Source: Department of Commerce; Bureau of Economic Statistics.
* National Infrastructure Index:
Data: # Tier 1 Assets (x3) + # Tier 3 Assets;
Source: DHS/QIP, SSAs, states and territories.
* National Security Index:
Data: Number of Defense Industrial Base (DIB) Facilities, Military
Personnel, International Border Crossings, Presence of Coastline,
International Border;
Source: DOD. DHS/CBP.
Population Index: 40%;
Economic Index: 20%;
Threat Index: 20%;
National Infrastructure Index: 15%;
National Security Index: 5%.
Source: DHS.
Note: "DHS/OIP" Stands for DHS's Office of Infrastructure Protection.
"SSAs" stands for Sector-Specific Agencies, which are federal
departments and agencies identified in the National Infrastructure Plan
as responsible for critical infrastructure protection activities. "DOD"
stands for the Department of Defense. "DHS/CBP" stands for the DHS's
Customs and Border Protection.
[End of figure]
Risk Analysis Model: Calculating Threat:
Threat Index:
* Reflects the intelligence community‘s best assessment of areas of the
country and potential targets most likely to be attacked.
* Process considers threat information from the intelligence community
of ongoing plotlines and credible threats from international terrorist
networks and affiliates.
For FY 2009 model, criteria for one of the four threat tiers changed to
reflect updated intelligence assessment.
DHS”Intelligence and Analysis (I&A)”reported additional processes
implemented to consult with states on threat information.
Risk Analysis Model: Calculating Vulnerability and Consequences
(’V&C“):
* Few changes made to the model, primarily data and process
improvements, according to DHS officials.
* Vulnerability is still considered to be constant across all
jurisdictions and in the risk formula is assigned a value of 1.0 for
all jurisdictions.
Consequences:
Population Index:
* No changes.
Economic Index:
* Data source changed from that of a private company to an annually
updated data set from the U.S. Commerce Department‘s Bureau of Economic
Analysis.
National Infrastructure Index:
* No changes.
National Security Index:
* Additional data sources were added to improve the index.
1. The number of military personnel and the number of critical defense
industrial base facilities.
2. Presence of borders or coastline as determined by U.S. Customs and
Border Protection inspection.
- Each jurisdiction received either full credit or none.
Vulnerability is a crucial component of risk assessment.
In June 2008, we reported that[Footnote 2]:
* While DHS has constructed a reasonable methodology to allocate funds
within a given year, the Department needs to measure Vulnerability to
capture variations in vulnerability across states and urban areas.
As a result, we recommended:
* ’that the Secretary of DHS formulate a method to measure
Vulnerability that captures variations across states and urban areas,
and apply this Vulnerability measure in future iterations of this risk-
based grant allocation model.“
Vulnerability Element of DHS‘s Risk Analysis Model Has Limitations that
Reduce Its Value:
Status of DHS‘s response to our recommendation:
* FEMA and I&A agreed that the current methodology for determining
Vulnerability is not the optimum approach.
* FEMA officials told us they have not identified a means of measuring
Vulnerability effectively across all states and urban areas, but had
little time between the 2008 and 2009 cycles to consider alternatives.
* Instead, FEMA‘s Grant Directorate has focused its resources on
launching an inverse approach called Cost-to-Capability (C2C) that is
in its early stages. C2C focuses on efforts to measure a jurisdiction‘s
capability to prevent and respond to various types of disasters
compared to a target level of capability.
* As its organizing structure, the C2C initiative uses DHS‘s National
Planning Scenarios of terrorist and nonterrorist disaster incidents,
and the target capabilities developed using those scenarios.
Grant Programs Directorate‘s Cost to Capability Initiative (C2C) Being
Developed:
C2C is being developed by FEMA‘s Grant Management Directorate and is
intended to be a decision support system to enable that Directorate to
effectively manage FEMA‘s grant portfolio and to assist grant recipients
optimize the use of their grant funds.
One critical element of C2C”identifying the importance of each
capability to each of the 15 planning scenarios used to develop target
capabilities”is still under development.
FEMA‘s intends to provide C2C as a tool that uses a common language
and analytical framework to help state and local stakeholders make
better investment decisions.
Grantee use of C2C will not be mandatory.
As designed, C2C results will not directly measure Vulnerability or
preparedness.
Cost to Capability Initiative (C2C) Faces Implementation Challenges:
To date, national capability assessments have been based on state self-
assessments whose comparability, reliability, accuracy, and data
validity are uncertain.
Input data for C2C is to be based on self assessments of capabilities
from state preparedness plans, estimates of baseline capability, and the
estimated relative capability improvement expected from a requested
level of investment.
For states to use C2C effectively, the state and local data used for
assessing state and local capabilities must be in the common language of
Target Capabilities and must have metrics that are compatible with C2C.
These metrics are being developed by FEMA‘s National Preparedness
Directorate.
The potential for successful use of C2C as a national capability
assessment tool is limited by the variations in the analytical skill
levels across state and local users of C2C, according to FEMA.
FEMA/Grant Programs Directorate‘s Cost to Capability Initiative (C2C):
Figure: FEMA/Grant Programs Directorate‘s Cost to Capability Initiative
(C2C):
[Refer to PDF for image]
Step 1: Connect Grant Dollars Awarded to Planned Activities:
Analysis of Investment Purpose:
Grant Applications, Progress Reporting, Monitoring Reports, and Grant
Closeout Reports.
Analysis of Investment Cost:
Award Notices, Progress Reporting, Grant Closeout Reports.
Step 2: Use a Capability Framework to Align Grant Dollars to Common
Variables:
Capability Framework: Built from the Target Capabilities List and other
Industry Standards:
Common Variables: V1 = Capacity;
Capability A: Measure 1; Measure 2; Measure 3;
Capability B: Measure 1; Measure 2.
Common Variables: V2= Resiliency;
Capability A: Measure 1; Measure 2;
Capability B: Measure 1.
Common Variables: V3= Sustainment;
Capability A: Measure 1; Measure 2;
Capability B: Measure 1; Measure 2.
Common Variables: V4= To be determined;
Capability A: Measure 1; Measure 2;
Capability B: Measure 1; Measure 2; Measure 3.
Step 3: Cost-to-Capability Analysis (Note: The Cost-to-Capability
Requirements Documents and Concept of Operations are scheduled for
release in August 2008):
Integrate external factors which affect the relationship between cost
and capability (e.g., population).
Cost-to-Capability Approach: (Utilizing stakeholder input at each
step):
Gather data;
Pulse SMEs to quantify relationships between data;
Inform Budget Formulation, Policy Decisions, and Programmatic
Decisions;
Identify data needed to inform key decisions.
Source: FEMA/Grants Programs Directorate.
[End of figure]
DHS Has Not Used Data that Could Inform Risk Model Vulnerability
Inputs:
DHS has made some efforts to measure vulnerability for specific assets
across the nation. We reported in 2007 that DHS had[Footnote 3]
* Assessed vulnerability of assets within surface transportation modes
(mass transit, freight rail, and highway infrastructure).
* Conducted over 2,600 vulnerability assessments on every critical
infrastructure sector through the Comprehensive Review program, the
Buffer Zone Protection program, and the Site Assistance Visit program.
[Footnote 4]
DHS and FEMA could evaluate how these assessments could be used to
provide some differentiation in measures of Vulnerability used for its
risk model formula.
Sensitivity of the Risk Analysis Model:
GAO‘s analysis of the FY 2009 model:
* It takes moderate changes to the weights of the model‘s risk indices,
such as the weights given to the threat or economic indices, to change
the urban areas that compose the Tier 1 list, which are those areas
with the highest risk scores.
* The current model is more sensitive than the FY 2008 model.
* For those urban areas ranked near the bottom of the Tier 2 list,
modest changes in the weights for the indices used to quantify risk
can result in changes in eligibility.[Footnote 5]
* The current model is more sensitive than the FY 2008 model.
Effectiveness Assessment:
* No change in process for FY 2009.
Final Allocation Process – FY 2009 Grants Based on Both Risk and
Effectiveness Scores:
DHS/FEMA plans to allocate FY 2009 funds based on the risk scores of
states and urban areas, adjusted by a maximum of +/-10% by their
effectiveness scores.
2009 HSGP Grant Guidance provided grantees with their estimated target
grant allocations, rather than get allocations after effectiveness
assessment:
* FEMA responded to grantees‘ input in the 2008 grant after-action
conference.
* FEMA believes it enables grantees to better target the grant
justifications in their applications as amounts requested should more
closely match final actual allocations.
* FEMA officials anticipate this change will encourage grantees to
develop more targeted and realistic proposals that will be better linked
to capabilities and performance measures.
Final Allocation Process – Ranking UASI Grantees by Tiered Groups:
62 eligible UASI areas in FY 2009 (60 in 2008):
* Tier 1 = 7 highest risk areas and eligible for 55% of available
funds.
* Tier 2 = 55 areas (2 more than FY 2008) and eligible for 45% of
available funds.
* Same allocation between Tiers 1 and 2 as 2008.
According to DHS officials:
* Expansion from 60 to 62 eligible UASI areas for FY 2009 is a policy
decision driven by desire to provide program consistency for grantees.
* Department intends to review all Urban Areas for next grant cycle --
with the new DHS leadership -- to determine the appropriate number for
the UASI program.
Concluding Observations:
The FY 2009 HSGP risk allocation method continues the same approach we
deemed reasonable in 2008 and provides program continuity.
FEMA‘s continuing improvement efforts are reflected in changes including
data sets used, and providing grantees their target allocations at the
beginning of the FY 2009 grant cycle. Previously, grantees did not
receive target allocations, but only their final allocations following
the completion of the effectiveness assessment.
GAO‘s 2008 recommendation on Vulnerability measure remains unaddressed.
* FEMA‘s C2C initiative does not address our concerns about measuring
Vulnerability.
GAO is not issuing new recommendations with this report.
Agency Comments:
FEMA provided comments on both the November 14 and December 15 versions
drafts of this briefing. With respect to the Vulnerability element of
DHS‘s Risk Analysis Model, FEMA provided written comments via e-mail
that:
* It believes its ability to make a substantial change to the
Vulnerability calculation was limited by (1) the timing of its FY 2009
roll-out ’on the heels“ of FY 2008 and (2) the department's leadership
desire to minimize year-to-year changes.
* ’it has been suggested that DHS should identify a distinct
Vulnerability term for each of the four risk indices and multiply it
against the Consequence terms, which would result in a more precise
risk allocation that reflects Vulnerability as well as Threat and
Consequence.“
FEMA also provided technical comments that we incorporated as
appropriate.
[End of briefing slides]
Footnotes:
[1] GAO, Homeland Security: DHS Risk-Based Methodology is Reasonable,
But Current Version's Measure of Vulnerability is Limited, [hyperlink,
http://www.gao.gov/products/GAO-08-852] (Washington, D.C.: June 2008).
[2] GAO, Homeland Security: DHS Risk-Based Grant Methodology Is
Reasonable, But Current Version's Measure of Vulnerability is Limited,
[hyperlink, http://www.gao.gov/products/GAO-08-852] (Washington, D.C.:
June 2008).
[3] GAO, Department Of Homeland Security: Progress Report on
Implementation of Mission and Management Functions, [hyperlink,
http://www.gao.gov/products/GAO-07-454] (Washington, D.C.: August
2007).
[4] DHS describes the Comprehensive Review as a structured,
collaborative government and private sector analysis of high value
critical infrastructure and key resources facilities. Through the
Buffer Zone Protection Program, and with the support of DHS, local
authorities develop Buffer Zone Protection Plans, which DHS reported
have several purposes, including identifying specific threats and
vulnerabilities associated with the buffer zone and analyzing the level
of risk associated with each vulnerability. DHS describes the Site
Assistance Visit Program as an information gathering visit with several
goals, such as better understanding and prioritizing vulnerabilities of
critical infrastructure and key resources and increasing awareness of
threats and vulnerabilities among critical infrastructure and key
resources owners and operators.
[5] The specific data on these changes is Sensitive Security
information.
[End of section]
GAO's Mission:
The Government Accountability Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in meeting
its constitutional responsibilities and to help improve the performance
and accountability of the federal government for the American people.
GAO examines the use of public funds; evaluates federal programs and
policies; and provides analyses, recommendations, and other assistance
to help Congress make informed oversight, policy, and funding
decisions. GAO's commitment to good government is reflected in its core
values of accountability, integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony:
The fastest and easiest way to obtain copies of GAO documents at no
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each
weekday, GAO posts newly released reports, testimony, and
correspondence on its Web site. To have GAO e-mail you a list of newly
posted products every afternoon, go to [hyperlink, http://www.gao.gov]
and select "E-mail Updates."
Order by Phone:
The price of each GAO publication reflects GAO‘s actual cost of
production and distribution and depends on the number of pages in the
publication and whether the publication is printed in color or black and
white. Pricing and ordering information is posted on GAO‘s Web site,
[hyperlink, http://www.gao.gov/ordering.htm].
Place orders by calling (202) 512-6000, toll free (866) 801-7077, or
TDD (202) 512-2537.
Orders may be paid for using American Express, Discover Card,
MasterCard, Visa, check, or money order. Call for additional
information.
To Report Fraud, Waste, and Abuse in Federal Programs:
Contact:
Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]:
E-mail: fraudnet@gao.gov:
Automated answering system: (800) 424-5454 or (202) 512-7470:
Congressional Relations:
Ralph Dawn, Managing Director, dawnr@gao.gov:
(202) 512-4400:
U.S. Government Accountability Office:
441 G Street NW, Room 7125:
Washington, D.C. 20548:
Public Affairs:
Chuck Young, Managing Director, youngc1@gao.gov:
(202) 512-4800:
U.S. Government Accountability Office:
441 G Street NW, Room 7149:
Washington, D.C. 20548:
