Department of Homeland Security
Actions Taken Toward Management Integration, but a Comprehensive Strategy Is Still Needed Gao ID: GAO-10-131 November 20, 2009Significant management challenges exist for the Department of Homeland Security (DHS) as it continues to integrate its varied management processes, policies, and systems in areas such as financial management and information technology. These activities are primarily led by the Under Secretary for Management (USM), department management chiefs, and management chiefs in DHS's seven components. The Government Accountability Office (GAO) was asked to examine: (1) the extent to which DHS has developed a comprehensive strategy for management integration that includes the characteristics recommended in GAO's 2005 report; (2) how DHS is implementing management integration; and (3) the extent to which the USM is holding the department and component management chiefs accountable for implementing management integration through reporting relationships. GAO reviewed DHS plans and interviewed management officials in DHS's headquarters and in all components.
DHS has not yet developed a comprehensive strategy for management integration as required by the 9/11 Commission Act of 2007 and with the characteristics GAO recommended in a 2005 report. Although DHS stated in response to the 2005 report that it was developing an integration strategy, it has not yet done so, in part because it has focused on building operations capacity within functional management areas. In the absence of a comprehensive management integration strategy, DHS officials stated that documents such as management directives and strategic plans address aspects of a management integration strategy and can help the department to manage its integration efforts. However, they do not generally include all of the strategy characteristics GAO identified, such as identifying the critical links that must occur among management initiatives and time lines for monitoring the progress of these initiatives. In addition, DHS has increased the number of performance measures for the Management Directorate, but has not yet established measures for assessing management integration across the department, although DHS officials stated that the department intends to do so. Without these measures DHS cannot assess its progress in implementing and achieving management integration. In the absence of a comprehensive strategy, DHS's Management Directorate has implemented management integration through certain initiatives and mechanisms to communicate and consolidate management policies, processes, and systems. The directorate uses councils to communicate information related to the implementation of management initiatives, among other things. The directorate has also established governance boards and processes to manage specific activities. Further, the directorate is in the process of consolidating certain management systems. However, without a documented management integration strategy, it is difficult for DHS, Congress, and other key stakeholders to understand and monitor the critical linkages and prioritization among these various efforts. The USM and department and component management chiefs are held accountable for implementing management integration through reporting relationships at three levels--between the Secretary and the USM, the USM and department chiefs, and the department and component chiefs--in which, among other things, the Secretary of Homeland Security, USM, and department chiefs are required to provide input into performance plans and evaluations. The Deputy Secretary--through delegation from the Secretary--and the USM have provided input into the USM's and department chiefs' plans and evaluations, respectively. Although department chiefs are required by management directives to provide component chiefs with written objectives at the start of the annual performance cycle, in fiscal year 2009 only two out of six department chiefs provided such input to component chiefs. Without ensuring that the management chiefs provide input into component chiefs' performance plans and evaluations as required, the directorate cannot be sure that component chiefs are fully implementing management integration.
RecommendationsOur recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.
Director: Team: Phone:GAO-10-131, Department of Homeland Security: Actions Taken Toward Management Integration, but a Comprehensive Strategy Is Still Needed
This is the accessible text file for GAO report number GAO-10-131
entitled 'Department of Homeland Security: Actions Taken Toward
Management Integration, but a Comprehensive Strategy Is Still Needed'
which was released on December 15, 2009.
This text file was formatted by the U.S. Government Accountability
Office (GAO) to be accessible to users with visual impairments, as part
of a longer term project to improve GAO products' accessibility. Every
attempt has been made to maintain the structural and data integrity of
the original printed product. Accessibility features, such as text
descriptions of tables, consecutively numbered footnotes placed at the
end of the file, and the text of agency comment letters, are provided
but may not exactly duplicate the presentation or format of the printed
version. The portable document format (PDF) file is an exact electronic
replica of the printed version. We welcome your feedback. Please E-mail
your comments regarding the contents or accessibility features of this
document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
Report to the Subcommittee on Oversight of Government Management, the
Federal Workforce, and the District of Columbia, Committee on Homeland
Security and Governmental Affairs, U.S. Senate:
United States Government Accountability Office:
GAO:
November 2009:
Department of Homeland Security:
Actions Taken Toward Management Integration, but a Comprehensive
Strategy Is Still Needed:
GAO-10-131:
GAO Highlights:
Highlights of GAO-10-131, a report to the Subcommittee on Oversight of
Government Management, the Federal Workforce, and the District of
Columbia, Committee on Homeland Security and Governmental Affairs, U.S.
Senate.
Why GAO Did This Study:
Significant management challenges exist for the Department of Homeland
Security (DHS) as it continues to integrate its varied management
processes, policies, and systems in areas such as financial management
and information technology. These activities are primarily led by the
Under Secretary for Management (USM), department management chiefs, and
management chiefs in DHS‘s seven components. GAO was asked to examine:
(1) the extent to which DHS has developed a comprehensive strategy for
management integration that includes the characteristics recommended in
GAO‘s 2005 report; (2) how DHS is implementing management integration;
and (3) the extent to which the USM is holding the department and
component management chiefs accountable for implementing management
integration through reporting relationships. GAO reviewed DHS plans and
interviewed management officials in DHS‘s headquarters and in all
components.
What GAO Found:
DHS has not yet developed a comprehensive strategy for management
integration as required by the 9/11 Commission Act of 2007 and with the
characteristics GAO recommended in a 2005 report. Although DHS stated
in response to the 2005 report that it was developing an integration
strategy, it has not yet done so, in part because it has focused on
building operations capacity within functional management areas. In the
absence of a comprehensive management integration strategy, DHS
officials stated that documents such as management directives and
strategic plans address aspects of a management integration strategy
and can help the department to manage its integration efforts. However,
they do not generally include all of the strategy characteristics GAO
identified, such as identifying the critical links that must occur
among management initiatives and time lines for monitoring the progress
of these initiatives. In addition, DHS has increased the number of
performance measures for the Management Directorate, but has not yet
established measures for assessing management integration across the
department, although DHS officials stated that the department intends
to do so. Without these measures DHS cannot assess its progress in
implementing and achieving management integration.
In the absence of a comprehensive strategy, DHS‘s Management
Directorate has implemented management integration through certain
initiatives and mechanisms to communicate and consolidate management
policies, processes, and systems. The directorate uses councils to
communicate information related to the implementation of management
initiatives, among other things. The directorate has also established
governance boards and processes to manage specific activities. Further,
the directorate is in the process of consolidating certain management
systems. However, without a documented management integration strategy,
it is difficult for DHS, Congress, and other key stakeholders to
understand and monitor the critical linkages and prioritization among
these various efforts.
The USM and department and component management chiefs are held
accountable for implementing management integration through reporting
relationships at three levels”between the Secretary and the USM, the
USM and department chiefs, and the department and component chiefs”in
which, among other things, the Secretary of Homeland Security, USM, and
department chiefs are required to provide input into performance plans
and evaluations. The Deputy Secretary”through delegation from the
Secretary”and the USM have provided input into the USM‘s and department
chiefs‘ plans and evaluations, respectively. Although department chiefs
are required by management directives to provide component chiefs with
written objectives at the start of the annual performance cycle, in
fiscal year 2009 only two out of six department chiefs provided such
input to component chiefs. Without ensuring that the management chiefs
provide input into component chiefs‘ performance plans and evaluations
as required, the directorate cannot be sure that component chiefs are
fully implementing management integration.
What GAO Recommends:
Once DHS develops a management integration strategy, GAO recommends
that it establish performance measures for assessing management
integration, and that it fully implement its current performance
management policies between the department and component management
chiefs. DHS‘s USM commented that DHS is taking certain actions to
address our recommendations.
View GAO-10-131 or key components. For more information, contact
Bernice Steinhardt at (202) 512-6543 or steinhardtb@gao.gov, or David
Maurer at (202) 512-8777 or maurerd@gao.gov.
[End of section]
Contents:
Letter:
Background:
Departmental Documents Address Aspects of Management Integration, but
DHS Has Not Yet Developed a Comprehensive Strategy:
DHS's Management Directorate Has Taken Actions to Communicate and
Consolidate Management Policies, Processes, and Systems:
Performance Management Practices Could Be More Consistently Applied
Departmentwide to Strengthen Reporting Relationships between Department
and Component Management Chiefs:
Conclusions:
Recommendations for Executive Action:
Agency Comments and Our Evaluation:
Appendix I: Comments from the Department of Homeland Security:
Appendix II: GAO Contact and Staff Acknowledgments:
Related GAO Products:
Tables:
Table 1: Assessment of the Extent to Which DHS Documents Include GAO-
Recommended Characteristics of a Management Integration Strategy:
Table 2: DHS Management Directorate Fiscal Years 2008 and 2009
Performance Measures:
Table 3: DHS's Management Councils:
Table 4: DHS Governance Boards:
Figures:
Figure 1: DHS Organizational Structure:
Figure 2: DHS Management Directorate's Organizational Structure:
Figure 3: Line of Sight Linking Organizational and Individual Goals and
Objectives for DHS Data Consolidation:
Abbreviations:
ARB: Acquisition Review Board:
CAO: Chief Administrative Officer:
CBP: Customs and Border Protection:
CFO: Chief Financial Officer:
CHCO: Chief Human Capital Officer:
CIO: Chief Information Officer:
CMO: Chief Management Officer:
COO: Chief Operating Officer:
CPO: Chief Procurement Officer:
CSO: Chief Security Officer:
DHS: Department of Homeland Security:
EAB: Enterprise Architecture Board:
eMerge2: Electronically Managing Enterprise Resources for Government
Effectiveness and Efficiency:
FEMA: Federal Emergency Management Agency:
FYHSP: Future Years Homeland Security Program:
HCA: Head of Contract Authority:
HCLC: Human Capital Leadership Council:
ICE: Immigration and Customs Enforcement:
IG: Inspector General:
NPPD: National Protection and Programs Directorate:
PPBE: Planning, Programming, Budget, and Execution:
PRB: Program Review Board:
QHSR: Quadrennial Homeland Security Review:
SES: Senior Executive Service:
SMC: Senior Management Council:
TASC: Transformation and Systems Consolidation:
TSA: Transportation Security Administration:
USCIS: United States Citizenship and Immigration Services:
USM: Under Secretary for Management:
[End of section]
United States Government Accountability Office:
Washington, DC 20548:
November 20, 2009:
The Honorable Daniel K. Akaka:
Chairman:
The Honorable George V. Voinovich:
Ranking Member:
Subcommittee on Oversight of Government Management, the Federal
Workforce, and the District of Columbia:
Committee on Homeland Security and Governmental Affairs:
United States Senate:
The creation of the Department of Homeland Security (DHS) represented
one of the largest reorganizations and consolidations of government
agencies, personnel, programs, and operations in recent history,
initially bringing together approximately 180,000 employees from 22
originating agencies.[Footnote 1] DHS is now the third largest federal
government agency with more than 200,000 employees and an annual budget
of more than $40 billion. DHS began operations in March 2003 with
missions that included preventing terrorist attacks from occurring
within the United States, reducing U.S. vulnerability to terrorism,
minimizing damages from attacks that occur, and helping the nation
recover from any attacks. The department has initiated and continued
the implementation of various policies and programs to address these
missions as well as missions that are not directly related to securing
the homeland, such as Coast Guard search and rescue. At the same time,
it is critically important that DHS works to unify and strengthen its
management functions because the effectiveness of these functions will
ultimately affect its ability to fulfill its various missions.[Footnote
2]
In 2005, we assessed DHS efforts to integrate its various management
processes, systems, and people, both within and across areas such as
information technology, financial management, procurement, and human
capital, as well as in its administrative services--using as criteria
selected key practices we have reported are consistently found to be at
the center of successful mergers and organizational transformations.
[Footnote 3] We noted that DHS had made progress in addressing its
departmentwide management integration through the issuance of guidance
and plans to assist the integration of each individual management
function within the department. However, we observed that DHS had the
opportunity to expand those efforts by implementing a more
comprehensive and sustained approach to management integration
departmentwide. In particular, we recommended that DHS develop an
overarching strategy for management integration. In response to the
2005 report, DHS stated that it was developing an integration strategy.
We also suggested that Congress might want to consider whether DHS's
Under Secretary for Management (USM)--who heads the department's
Management Directorate--has the authority to drive, implement, and
ensure accountability for management integration departmentwide.
You asked us to review the status of DHS management integration efforts
since our 2005 report. Specifically, we assessed (1) the extent to
which DHS has developed a comprehensive strategy for management
integration that includes the characteristics recommended in our 2005
report; (2) how DHS is implementing management integration; and (3) the
extent to which the USM is holding the department and component
management chiefs accountable for implementing management integration
through reporting relationships.
To address our first objective, we considered whether DHS had developed
a strategy for departmentwide management integration, as required by
law. Specifically, we assessed whether DHS documents included the
characteristics recommended in our 2005 report for a management
integration strategy, which required that the strategy:
* look across the initiatives within each of the management functional
units;
* clearly identify the critical links that must occur among these
initiatives;
* identify tradeoffs and set priorities;
* set implementation goals and a time line to monitor the progress of
these initiatives to ensure the necessary links occur when needed; and:
* identify potential efficiencies, and ensure that they are achieved.
In order to assess these characteristics, we reviewed various
departmental documents identified by DHS as comprising its management
integration strategy, including DHS documents related to management,
strategic planning, and departmental guidance and policy. We examined
legislation, including the Homeland Security Act of 2002[Footnote 4]
and the Implementing Recommendations of the 9/11 Commission Act of
2007,[Footnote 5] which identifies requirements and authorities
relating to transition, reorganization, and developing and implementing
a management integration strategy. We also interviewed departmental and
component management officials and chiefs to obtain information on the
extent to which DHS has developed a strategy for departmentwide
management integration. Additionally, we reviewed DHS's performance
goals and measures for fiscal years 2008 and 2009, as reported in DHS's
Annual Performance Report for fiscal years 2008 through 2010. We
assessed these goals and measures against Government Performance and
Results Act of 1993 (GPRA) requirements to determine the extent to
which they provided a framework for assessing management integration
across the department.[Footnote 6]
For our third objective, we met with the USM as well as department and
component management chiefs, and reviewed DHS performance agreements
and performance management activities against requirements set forth in
law and in DHS policies. These requirements include the need for input
from senior to subordinate officials for performance agreements and
evaluations, and the alignment of goals and objectives in a "line of
sight" that shows how individual performance contributes to
organizational goals.
For all three objectives, we interviewed and gathered documents from
the USM, the USM's Chief of Staff, the six departmental management
chiefs or acting chiefs--the Chief Procurement Officer (CPO), the Chief
Financial Officer (CFO), the Chief Human Capital Officer (CHCO), the
Chief Information Officer (CIO), the Chief Administrative Officer
(CAO), and the Chief Security Officer (CSO)--and the chiefs, acting
chiefs, or deputy chiefs from DHS's seven component agencies and one
directorate--the National Protection and Programs Directorate (NPPD).
[Footnote 7] DHS's seven component agencies include the Transportation
Security Administration (TSA), U.S. Customs and Border Protection
(CBP), U.S. Immigration and Customs Enforcement (ICE), U.S. Citizenship
and Immigration Services (USCIS), U.S. Secret Service, U.S. Coast
Guard, and the Federal Emergency Management Agency (FEMA). We also
spoke with officials from DHS's Office of Policy. We observed meetings
of DHS's Management Council, Human Capital Leadership Council and CIO
Council.
In addition, we reviewed prior GAO reports on DHS management in areas
such as information technology, financial management, procurement,
acquisition, human capital, and mergers and organizational
transformations to determine the status of DHS management integration.
We also examined reports from DHS's Office of Inspector General (IG)
related to the status of DHS's management initiatives.
We conducted this performance audit from September 2008 through
November 2009 in accordance with generally accepted government auditing
standards. Those standards require that we plan and perform the audit
to obtain sufficient, appropriate evidence to provide a reasonable
basis for our findings and conclusions based on our audit objectives.
We believe that the evidence obtained provides a reasonable basis for
our findings and conclusions based on our audit objectives.
Background:
Not since the creation of the Department of Defense in 1947 has the
federal government undertaken an organizational merger of the magnitude
of DHS. In 2003, we designated the implementation and transformation of
DHS as one of the high-risk areas across the federal government because
it represented an enormous undertaking that would require time to
achieve in an effective and efficient manner.[Footnote 8] Moreover, the
components that became part of the department already faced a wide
array of existing challenges, and any failure to effectively carry out
their missions would expose the nation to potentially serious
consequences. The department has remained on our high-risk list since
2003.[Footnote 9] Most recently, in our January 2009 high-risk update,
we reported that, although DHS had made progress in transforming into a
fully functioning department, its transformation remained high risk
because it had not yet developed a comprehensive plan to address the
transformation, integration, management, and mission challenges we
identified in 2003.[Footnote 10] In designating the implementation and
transformation of DHS as high risk, we noted that building an effective
department would require consistent and sustained leadership from top
management to ensure the needed transformation of disparate agencies,
programs, and missions into an integrated organization. Our prior work
on mergers and organizational transformations, undertaken before the
creation of DHS, found that successful transformations of large
organizations can take at least 5 to 7 years to achieve.[Footnote 11]
Definition of Management Integration:
A definition of management integration provides a starting point for
understanding the needs and requirements for integrating management
functions. Based on our 2005 work, we define management integration as
the development of consistent and/or consolidated processes, systems,
and people--in areas such as information technology, financial
management, procurement, and human capital--as well as in its security
and administrative services, for greater efficiency and effectiveness.
[Footnote 12]
* On one level, management integration refers to integration of the
elements mentioned above--processes, systems, and people--within
management functions (sometimes referred to as vertical integration),
from the department level down through each of the corresponding
management functions in the component agencies. An example of this is
the use of consistent human capital management policies at the DHS CHCO
level and for each of the corresponding component agency human capital
management functions.
* On another level, management integration refers to integration of the
elements mentioned across management functions (sometimes referred to
as horizontal integration), such as the integration of human capital
management and financial management activities in areas related to
payroll.
In February 2009, DHS's Management Directorate provided us with a
definition of its approach and responsibilities for implementing
management integration in the department. According to the Management
Directorate, DHS defines management integration as including three
different levels of activities: (1) strategic integration, (2)
operational coordination, and (3) functional integration. The
directorate further stated that the first level, strategic integration,
consists of efforts to ensure that all component activities and
acquisitions align with DHS mission goals through appropriate
leadership oversight and policies and procedures. The second level,
operational coordination, consists of the delivery of management
services in order to increase cross-component collaboration and reduce
costs by achieving efficiencies for managing assets such as real
property, for procuring volume discounts of supplies and services, and
acquiring common technology platforms through shared information
technology infrastructure. The third level, functional integration,
consists of, among other things, management oversight of component-
level internal controls and standard operating policies to ensure
departmentwide compliance with presidential directives, congressional
mandates, and other legal requirements and DHS policies; and consistent
business practices that support financial reporting and operational
assurance statements.
DHS Management Roles and Responsibilities:
The Management Directorate includes the CFO, the CSO, the CHCO, the
CAO, the CPO, and the CIO. They are referred to as the departmental
management chiefs. In addition to the department's Management
Directorate, each of the seven DHS component agencies has its own
component management chief for the procurement, financial, human
capital, information technology, administrative, and security
management areas.[Footnote 13] Figures 1 and 2 show the DHS and DHS
Management Directorate's organizational structures.
Figure 1: DHS Organizational Structure:
[Refer to PDF for image: organizational chart]
Top level:
Secretary;
* Deputy Secretary;
* Chief of Staff.
Second level, reporting to the Office of the Secretary:
* Management: Under Secretary;
* Science &Technology: Under Secretary;
* National Protection & Programs: Under Secretary;
* Policy: Under Secretary;
* General Counsel;
* Legislative Affairs: Assistant Secretary;
* Public Affairs: Assistant Secretary;
* Inspector General.
Third level, reporting to the Office of the Secretary:
* Health Affairs: Assistant Secretary/Chief Medical Officer;
* Intelligence & Analysis: Under Secretary;
* Operations Coordination: Under Secretary;
* Citizenship & Immigration Services Ombudsman;
* Chief Privacy Officer;
* Civil Rights & Civil Liberties: Officer;
* Counternarcotics Enforcement: Director.
Fourth level, reporting to the Office of the Secretary:
* Federal Law Enforcement Training Center: Director;
* Domestic Nuclear Detection Office: Director;
* National Cyber Security Center: Director;
Fifth level, reporting to the Office of the Secretary:
* Transportation Security Administration: Assistant
Secretary/Administrator;
* U.S. Customs & Border Protection: Commissioner;
* U.S. Citizenship & Immigration Services: Director;
* U.S. Immigration& Customs Enforcement: Assistant Secretary;
* U.S. Secret Service: Director;
* Federal Emergency Management Agency: Administrator;
* U.S. Coast Guard: Commandant.
Source: GAO analysis of DHS documents.
[End of figure]
Figure 2: DHS Management Directorate's Organizational Structure:
[Refer to PDF for image: organizational chart]
Top level:
Under Secretary for Management;
* Deputy Under Secretary;
* Chief of Staff.
Second level, reporting to the Office of the Under Secretary for
Management:
* Chief Financial Officer[A];
* Chief Security Officer;
* Chief Human Capital Officer;
* Chief Administrative Officer;
* Chief Procurement Officer;
* Chief Information Officer.
Source: GAO analysis of DHS documents.
[A] The Department of Homeland Security Financial Accountability Act (§
3 of Pub. L. No. 108-330, 118 Stat. 1275, 1276 (Oct. 16, 2004)) made
DHS subject to the Chief Financial Officers Act of 1990 (Pub. L. No.
101-576, 104 Stat. 2838, Nov. 15, 1990), which requires the DHS CFO to
also report directly to the Secretary of Homeland Security.
[End of figure]
The Homeland Security Act of 2002 gave DHS's USM responsibility for the
management and administration of the department, including the
transition and reorganization process, among other things.[Footnote 14]
The Implementing Recommendations of the 9/11 Commission Act of 2007 (9/
11 Commission Act) enhanced the USM position by designating the USM as
the Chief Management Officer (CMO) of DHS and principal advisor to the
Secretary on matters related to the management of the department,
including management integration and transformation.[Footnote 15] DHS
also defined the USM responsibilities for integration in department
management directives following the creation of the department. For
example, a DHS management directive assigns the USM responsibility and
accountability for designing departmentwide integrated systems to
improve mission support. Within the Management Directorate, the
management chiefs' roles and responsibilities for the integration of
the department are established in DHS management directives. For
example, DHS management directives give the departmental management
chiefs responsibility to ensure the integration of their management
function and to review their programs in order to recommend program
improvements and corrective actions where appropriate. DHS management
directives also require the departmental management chiefs to annually
establish milestones for the integration of their management function's
activities. Component management chiefs are to implement initiatives
within their respective functional areas that relate to management
integration.
In 2004, the Secretary of Homeland Security issued a departmentwide
memo on DHS efforts to integrate management functions. In order to
ensure that both department and component personnel took responsibility
for supporting performance of management functions, the memo describes
the concept of dual accountability in which both the heads of component
agencies, such as TSA or CBP, and the DHS management chiefs, such as
CPO or CIO, share responsibility for implementing management functions.
For example, the TSA Administrator and DHS's CPO are both responsible
to the DHS Secretary, through their respective chains, for procurement
performance at TSA. An accompanying memo from the Deputy Secretary of
Homeland Security in 2004 noted that component agency heads would be
responsible for accomplishing the mission of their component agencies,
and management chiefs would be responsible for providing the support
systems to help components accomplish their mission. The memos also set
out the "dotted line" reporting relationship of the component
management chiefs, such as TSA's CPO or CBP's CIO, to the department
management chiefs, DHS's CPO or DHS's CIO. Resulting management
directives were developed for each DHS management function in 2004 as
principal documents for leading, governing, integrating, and managing
the management functions throughout DHS. These management directives
require DHS management chiefs to collaborate with component agency
heads on the recruiting and selection of key component management
officials, and provide input into component management chiefs'
performance agreement and evaluation, among other things.
Departmental Documents Address Aspects of Management Integration, but
DHS Has Not Yet Developed a Comprehensive Strategy:
The 9/11 Commission Act requires DHS to develop a strategy for
management integration as part of the department's integration and
transformation to create a more efficient and orderly consolidation of
functions and personnel in the department.[Footnote 16] In our 2005
report, we recommended that DHS develop an overarching management
integration strategy for the department that would, at a minimum, have
the following characteristics:
* look across the initiatives within each of the management functional
units;
* clearly identify the critical links that must occur among these
initiatives;
* identify trade-offs and set priorities;
* set implementation goals and a time line to monitor the progress of
these initiatives to ensure the necessary links occur when needed; and:
* identify potential efficiencies, and ensure that they are achieved.
[Footnote 17]
We pointed out that a comprehensive management integration strategy
would, among other things, help the department look across initiatives
within each of the functional units to clearly identify the links that
must occur among initiatives and develop specific departmentwide goals
and milestones that would allow DHS to track critical phases and
essential activities. By including these characteristics in DHS's
management integration strategy, we said that Congress, DHS employees,
and other key stakeholders would have access to more transparent
information regarding departmental integration goals, needed resources,
critical links, cost savings, and status documentation, thereby
providing a means by which DHS could be held accountable for its
management integration efforts. In commenting on our 2005 report, DHS
discussed actions it was taking to address our recommendation that it
develop a management integration strategy, stating that it was
establishing an integrated project plan/integration strategy that would
define roles and responsibilities and identify key deliverables and
milestones.
Although DHS Identified Various Documents That Support Management
Integration, These Documents Do Not Contain All the Characteristics of
a Comprehensive Strategy:
DHS has not yet developed a comprehensive strategy for management
integration that is consistent with statute and that contains all of
the characteristics we identified in 2005. According to DHS's USM, the
department has not yet developed a comprehensive management integration
strategy because, in part, the Management Directorate has focused on
building the management operations capacity within the functional
areas, such as financial management and information technology. As a
result, the Management Directorate has not yet focused on integration
across the functional areas and has not clearly or systematically
identified trade-offs and linkages among initiatives in different
functional areas.
In the absence of a comprehensive management integration strategy,
DHS's USM, Chief of Staff, and department and component management
chiefs stated that various departmental documents collectively
contribute to the department's strategy for implementing and achieving
management integration. In particular, DHS officials identified (1)
departmentwide documents that provide guidance that relate to
management integration across the department; and (2) documents for
management of functional areas.
With regard to the departmentwide documents, DHS officials included the
following as particularly relevant to aspects of management
integration:
* DHS Integrated Strategy for High Risk Management. This document is
intended to be a corrective action plan outlining the department's
framework for its transformation efforts and methods by which the
department will seek to improve performance in high-risk areas we have
identified since 2003.[Footnote 18] For the high-risk area of DHS
implementation and transformation, the document discusses five areas of
focus for the department--utilizing a management framework to unify 22
disparate organizations, creating joint requirements planning and risk
assessment processes, instituting an Investment Review Board,
implementing a corrective action plan, and consolidating and
integrating a financial management system.
* Management Directorate Strategic Plan Fiscal Years 2009 through 2014.
This plan sets out the Management Directorate's vision, core values,
guiding principles, goals and objectives, as well as the organizational
structure and responsibilities of the Management Directorate and
department management chiefs. The plan provides the following four
objectives for the Management Directorate: (1) provide structure
(strengthen unified organizational governance to enhance departmentwide
communication, decision making, and oversight); (2) optimize processes
and systems (integrate functional operations to facilitate cross-
component synergies and streamline coordination ensuring reliable and
efficient support of mission objectives); (3) foster leadership (adhere
to core values and guiding principles of DHS in performing duties,
effecting progress, and leading with commitment for the mission); and
(4) leverage culture (leverage the benefits of commonalities and
differences across components to promote cooperative intra-and inter-
agency networks and implement best practices). The plan also discusses
four methods that the Management Directorate will use to achieve the
plan's objectives--provide guidance, offer representation, deliver
tools, and manage services.
* Integrated Planning Guidance Fiscal Years 2011 through 2015. This
document describes the DHS Secretary's policy and planning priorities
for the 5-year budget time frames, such as for fiscal years 2011
through 2015. The Integrated Planning Guidance is part of the DHS
strategic planning process and, among other things, provides general
risk management guidance for prioritizing programming and budget
proposals within the department.
* Future Years Homeland Security Program (FYHSP) Fiscal Years 2009
through 2013. This document provides a summary and breakdown of DHS
program resources over a 5-year period; including resource alignment by
goals, component appropriations, and component programs, as well as
program descriptions, milestones, performance measures, and targets. In
the fiscal year 2009 through 2013 FYHSP, DHS projected funding for 65
priority programs within 13 components in support of the five goals of
the DHS Strategic Plan.
Internal Control Playbook Fiscal Year 2009. This document comprises
DHS's plan to design and implement departmentwide internal controls
with respect to three areas: (1) internal controls over financial
reporting (which provides an overview of efforts to establish reliable
financial reporting); (2) internal controls over operations (which
outlines plans to maximize the effectiveness and efficiency of
operations); and (3) conformity with financial management system
requirements (which summarizes efforts to strengthen the internal
controls over the department's financial systems). Specific examples of
these internal control areas include: integrating internal control
assessments across component lines of business, integrating financial
system security assessments through tests of operating effectiveness,
and incorporating results into plans of action and milestones.
With regard to functional area documents, DHS officials indicated that
both management directives and functional area strategic plans contain
elements of the department's strategy for achieving management
integration. DHS issued management directives for each of the six
department management chiefs--the CAO, CFO, CHCO, CIO, and CPO
management directives were issued in 2004 (with updates for the CIO and
CPO in 2007 and 2008, respectively); the management directive for CSO
was issued in 2006. These directives communicate standard definitions
of the management chiefs' respective roles and responsibilities; define
the concept of dual accountability for both mission accomplishment and
functional integration as the shared responsibility of the heads of
DHS's individual agencies or components and the department management
chiefs; and establish the need for the department management chiefs,
along with the heads of agencies, to annually recommend and establish
integration milestones for the consolidation of the chiefs' functions.
Functional area strategic plans generally discuss, among other things,
the missions and goals of the department management chiefs and the link
between the goals and objectives in each functional area strategic plan
and the goals and objectives in DHS's Strategic Plan. Among the six
department chiefs, four have issued strategic plans for their
functional areas--the CAO, CIO, CHCO, and CSO.[Footnote 19]
While some of the documents DHS officials identified as contributing to
the department's strategy for implementing and achieving management
integration address some of the characteristics we have previously
identified for such a strategy, these documents, either individually or
taken together, do not include all of the characteristics we have
identified. These documents described by DHS officials as contributing
to the department's strategy for achieving management integration can
provide high-level guidance for integration efforts and can help the
department to manage those efforts. For example, two of the functional
area strategic plans set goals, objectives, and milestones for
implementing certain initiatives within functional areas. Moreover, the
Management Directorate Strategic Plan and other departmentwide
documents, for example, set performance goals, measures, and targets
for achieving certain management initiatives. Such elements as goals,
objectives, milestones, performance targets, and priorities documented
in these plans and strategies can help the department to manage,
implement, and monitor the specific initiatives to which these elements
apply. They can also help to guide efforts to consolidate policies,
processes, and systems within each management functional area. However,
among the documents cited by DHS officials as being part of the
department's management integration strategy, DHS has not yet looked
across the management initiatives within management functional areas to
identify the critical links that must occur among these initiatives to
integrate the department's management functions both within and across
functional areas. Furthermore, the documents generally do not identify
the priorities, trade-offs, and potential efficiencies among management
initiatives, nor do they set implementation goals and a time line for
monitoring the progress of initiatives to ensure the critical links
occur when needed. Thus, when considered either individually or
together these documents do not constitute a management integration
strategy containing all of the characteristics we have identified. See
table 1 for more detailed information on the plans.
Table 1: Assessment of the Extent to Which DHS Documents Include GAO-
Recommended Characteristics of a Management Integration Strategy:
GAO-recommended characteristics of a management integration strategy:
Departmentwide documents:
DHS documents: DHS Integrated Strategy for High Risk Management;
Look across initiatives within each of the management functional units:
The strategy identifies various management initiatives, such as the
Investment Review Board and consolidation of the department's various
financial management systems. However, the strategy does not look
across initiatives within all of the management functional areas;
Clearly identify the critical links that must occur among these
initiatives:
The strategy does not identify the critical links that must occur among
initiatives;
Identify trade-offs and set priorities:
The strategy identifies the five areas of focus, or priorities, for the
department to address the GAO high-risk area, implementing and
transforming DHS: (1) a management framework, (2) joint requirements
planning and risk assessment processes, (3) the Investment Review
Board, (4) corrective action plans, and (5) financial management
systems. However, the strategy does not discuss trade-offs among
management initiatives;
Set implementation goals and a time line to monitor the progress of
these initiatives to ensure the necessary links occur when needed:
Under each of the five areas of focus, the strategy identifies expected
outcomes, accomplishments and actions to be completed, and high-level
milestones for completing those actions. However, the strategy does not
identify a time line for monitoring the progress of the initiatives
that would allow the department to ensure necessary links occur when
needed;
Identify potential efficiencies and ensure that they are achieved:
Departmentwide documents: The strategy does not identify potential
efficiencies.
DHS documents: Management Directorate Strategic Plan 2009 through 2014;
Look across initiatives within each of the management functional units:
This strategic plan identifies initiatives for each management
objective. However, the strategic plan does not look across initiatives
within all of the management functional areas;
Clearly identify the critical links that must occur among these
initiatives:
This strategic plan does not identify the critical links that must
occur among initiatives;
Identify trade-offs and set priorities:
This strategic plan identifies four overall objectives for the
Management Directorate--provide structure, optimize processes and
systems, foster leadership, and leverage culture--and sets priorities
such as aligning investments to the department's enterprise
architecture under the objectives. The strategic plan does not identify
trade-offs;
Set implementation goals and a time line to monitor the progress of
these initiatives to ensure the necessary links occur when needed:
Under each objective, the strategic plan includes performance measures
and targets for specific management initiatives for fiscal years 2009
through 2014. The strategic plan does not include a time line for
monitoring the progress of the initiatives that would allow the
department to ensure necessary links occur when needed;
Identify potential efficiencies and ensure that they are achieved:
The strategic plan does not discuss potential efficiencies.
DHS documents: Integrated Planning Guidance, Fiscal Years 2011 through
2015;
Look across initiatives within each of the management functional units:
The Integrated Planning Guidance provides a description of
departmentwide initiatives, such as asset management and mail
operations. However, the guidance does not look across the initiatives
that occur within each management functional area;
Clearly identify the critical links that must occur among these
initiatives:
The guidance does not identify the critical links that must occur among
initiatives;
Identify trade-offs and set priorities:
The guidance does not identify priorities or trade-offs for management
initiatives;
Set implementation goals and a time line to monitor the progress of
these initiatives to ensure the necessary links occur when needed:
The guidance does not set implementation goals or a time line for
monitoring the progress of management initiatives to ensure necessary
links occur when needed;
Identify potential efficiencies and ensure that they are achieved:
The guidance does not discuss potential efficiencies.
DHS documents: FYHSP, Fiscal Years 2009 through 2013;
Look across initiatives within each of the management functional units:
The FYHSP identifies initiatives such as establishment of a DHS
consolidated headquarters facility and the consolidation of component
agencies' financial management systems, but does not look across
initiatives within each management functional area;
Clearly identify the critical links that must occur among these
initiatives:
The FYHSP does not identify the critical links that must occur among
initiatives;
Identify trade-offs and set priorities:
The FYHSP discusses actions and priorities for the department
management chiefs to implement for fiscal years 2009 through 2013, such
as for the CFO to maintain and update a comprehensive financial
management policy manual and for the CAO to design and complete various
phases of the St. Elizabeths' construction for the consolidation of DHS
headquarters facilities. The FYHSP does not identify trade-offs;
Set implementation goals and a time line to monitor the progress of
these initiatives to ensure the necessary links occur when needed:
The FYHSP identifies the performance goals and measures for the
Management Directorate and sets performance targets for fiscal years
2009 through 2013. The FYHSP also identifies actions to be completed in
each fiscal year by the Management Directorate. The FYHSP does not set
implementation goals or a time line for monitoring the progress of
management initiatives to ensure necessary links occur between
initiatives when needed;
Identify potential efficiencies and ensure that they are achieved:
The FYHSP does not discuss potential efficiencies.
DHS documents: Internal Control Playbook, Fiscal Year 2009;
Look across initiatives within each of the management functional units:
The playbook identifies initiatives and actions for management
improvement, with an emphasis on strengthening component management
functions. Corrective action plans are included for areas such as,
human capital management, acquisition management, and administrative
management, but does not look across initiatives in each functional
area;
Clearly identify the critical links that must occur among these
initiatives:
The playbook does not identify the critical links that must occur among
initiatives;
Identify trade-offs and set priorities:
Within corrective action plans for each area, the playbook addresses
corrective actions to be implemented and identifies strategies to
mitigate risk to those corrective actions. However, the playbook does
not identify priorities and trade-offs among the initiatives;
Set implementation goals and a time line to monitor the progress of
these initiatives to ensure the necessary links occur when needed:
Within corrective actions for each area, the playbook identifies key
strategies and milestones for implementing corrective actions. However,
these goals and milestones do not allow the department to ensure that
the necessary links occur when needed among the initiatives;
Identify potential efficiencies and ensure that they are achieved:
Some corrective action plans identify potential efficiencies that
relate to the DHS mission, but none of the corrective action plans
identify potential efficiencies across functional areas.
Functional area documents:
DHS documents: Management directives;
Look across initiatives within each of the management functional units:
The management directives are focused on management functions, but do
not look across initiatives within each functional area;
Clearly identify the critical links that must occur among these
initiatives:
The management directives do not identify the critical links that must
occur among initiatives;
Identify trade-offs and set priorities:
The management directives do not identify trade-offs and priorities for
or across management initiatives;
Set implementation goals and a time line to monitor the progress of
these initiatives to ensure the necessary links occur when needed:
The management directives do not identify implementation goals and a
time line for monitoring the progress of specific initiatives to ensure
necessary links occur when needed. The management directives indicate
that management chiefs are to establish integration milestones for the
consolidation of the chiefs' functions and develop performance metrics
for the respective functions;
Identify potential efficiencies and ensure that they are achieved:
The management directives do not identify potential efficiencies.
DHS documents: Functional area strategic plans;
Look across initiatives within each of the management functional units:
The plans cite functional areas' management initiatives, but do not
look across the initiatives that occur within each of the functional
areas;
Clearly identify the critical links that must occur among these
initiatives:
The plans do not identify the critical links that must occur among
initiatives;
Identify trade-offs and set priorities:
Two functional area strategic plans--CIO and CHCO, for example--provide
priorities within each functional area. A third strategic plan, for the
CAO, does not specify particular priority areas, although it speaks to
the importance of developing such priorities. The CSO strategic plan
does not identify priorities, and none of the functional area strategic
plans discusses trade-offs;
Set implementation goals and a time line to monitor the progress of
these initiatives to ensure the necessary links occur when needed:
Three functional area strategic plans--CIO, CHCO, and CAO--provide
strategic/implementation goals. Two of these plans also provide time
lines for completing individual initiatives. None of the plans identify
time lines for monitoring the progress of the initiatives to ensure
necessary links occur when needed;
Identify potential efficiencies and ensure that they are achieved:
Two functional area strategic plans--CIO and CHCO--identify potential
efficiencies within each functional area, but do not identify potential
efficiencies across functional areas. The CAO strategic plan provides a
more generic statement that DHS is seeking to analyze and optimize
existing structures to generate efficiencies.
Source: GAO analysis of DHS documents.
[End of table]
In addition to these functional area and departmentwide documents, DHS
officials identified three other documents that are related to
management integration: (1) the DHS Strategic Plan; (2) the Quadrennial
Homeland Security Review (QHSR); and (3) the Business Operations
Manual. The DHS Strategic Plan includes, among other things, the
department's vision, mission, core values, and guiding principles, as
well as the goals and objectives by which the department will
continually assess performance.[Footnote 20] The department's latest
strategic plan for fiscal years 2008 through 2013 includes five
strategic-level goals related to the department's mission and
management functions. Goal 5 of this plan--"Strengthen and Unify DHS
Operations and Management"--sets out the department's goal for its
management functions; information and intelligence sharing; and policy,
planning, and coordination functions.[Footnote 21] Under this goal, the
first objective describes what the department plans to achieve for its
management functions, through the Management Directorate, and includes
a reference to achieving management integration.[Footnote 22]
Specifically, Objective 5.1--"Improve Department Governance and
Performance"--states that the department will lead efforts that provide
structure to enhance departmentwide governance, decision making, and
oversight, including internal controls and performance management
tracking, and optimize processes and systems to facilitate integration
and coordination. DHS's Strategic Plan sets out strategic-level goals
and objectives for the department's overall mission and management
functions but is not intended to constitute a management integration
strategy. As we have previously reported, a management integration
strategy goes beyond what is contained in an agency strategic plan, as
it provides the more specific operational and tactical information to
manage the integration effort.[Footnote 23] A strategic plan contains
the high-level goals and mission for an agency, while a management
integration strategy would provide the activities and time lines needed
for accomplishing the goals of the integration effort.
As required by the 9/11 Commission Act, DHS is developing its first
QHSR to conduct a comprehensive examination of the homeland security
strategy for the nation, including recommendations regarding the long-
term strategy, priorities for homeland security, and guidance on the
programs, assets, capabilities, budget, policies, and authorities of
the department.[Footnote 24] The QHSR includes five principal study
areas, based on the Secretary's priorities for homeland security, one
of which is maturing and unifying DHS and the homeland security
enterprise.[Footnote 25] DHS is also developing a Business Operations
Manual that, according to DHS officials, will provide an overview of
the key DHS processes including strategic requirements planning, risk
assessment, programming, budgeting, acquisition, and performance
assessment, and will also show how these processes link together to
ensure coordinated decision making. As the QHSR and Business Operations
Manual are still under development, it is too soon to tell whether or
how these documents will contribute to DHS's management integration
efforts.
DHS Has Expanded Its Performance Measures for Individual Management
Functions, but Has Not Yet Established Measures for Departmentwide
Management Integration:
DHS has developed some performance goals and measures to measure
management activities, but has not yet established measures for
assessing management integration across the department. For example,
DHS has increased the number of departmentwide performance measures for
the Management Directorate in support of Goal 5 of its strategic plan.
Specifically, since fiscal year 2008, DHS has added 13 new measures and
retired 3 others for the Management Directorate in support of Objective
5.1 of the strategic plan, going from 5 performance measures for the
Management Directorate in fiscal year 2008 to 15 measures in fiscal
year 2009, as shown in table 2.[Footnote 26] These measures relate to
activities in functional areas but do not help to measure management
integration.
Table 2: DHS Management Directorate Fiscal Years 2008 and 2009
Performance Measures:
DHS Strategic Plan goal: Strategic Goal 5: Strengthen and unify DHS
operations and management;
DHS Strategic Plan objective: Objective 5.1: Improve department
governance and performance;
Fiscal year 2008 performance measure:
* Number of internal control processes tested for design and
operational effectiveness;
* Percentage of major information technology projects that are within
10 per cent of cost/schedule/performance objectives;
* Percentage of President's Management Agenda (PMA) initiatives that
receive a green progress score from the Office of Management and
Budget[A];
* Percentage of favorable responses by DHS employees on the annual
employee survey;
* Total instances of material weakness conditions identified by the
independent auditor in its report on the DHS financial statements.
Fiscal year 2009 performance measure:
* Percentage of favorable responses by DHS employees on the annual
employee survey;
* Total instances of material weakness conditions identified by the
independent auditor in its report on the DHS financial statements;
* Percentage of major investments currently aligned to Agency
Enterprise Architecture;
* Percentage of DHS workforce (employees and contractors) with advanced
identification cards;
* Percentage of major acquisition projects that do not exceed 10 per
cent of cost/schedule/performance objectives;
* Interest penalties paid on all invoices (in millions);
* Percentage of vendors paid electronically;
* Percentage of non-credit card invoices paid on-time;
* Percentage of accounts receivable from the public delinquent over 180
days;
* Percentage of improper payments collected;
* Number of civilian employees serving in the DHS interagency and
intradepartmental Rotation Training Program;
* Percentage of civilian employees in designated positions that are
qualified as National Security Professionals;
* Attrition rate for career senior executive service personnel;
* Percentage annual reduction in petroleum-based fuel consumption by
DHS owned or leased vehicles;
* Percentage of major information technology systems with full Federal
Information Security Management Act compliance.
Source: GAO analysis of information in DHS Annual Performance Report.
[A] The prior administration's Office of Management and Budget
developed a President's Management Agenda scorecard that gave a
"green," "yellow," or "red" score by agency. Green indicates success,
yellow indicates mixed results, and red indicates unsatisfactory
results.
[End of table]
The Government Performance and Results Act of 1993 (GPRA) provides a
framework for strategic planning and reporting intended to improve
federal agencies' performance and hold them accountable for achieving
results.[Footnote 27] Effective implementation of this framework
requires agencies to, among other things, clearly establish performance
goals for which they will be held accountable and measure progress
toward those goals. Although DHS has added measures for the Management
Directorate since fiscal year 2008, DHS has not yet clearly
communicated what the linkages, if any, are between these measures and
the management integration of the department. DHS officials told us
that the department's current measures do not allow the department to
gauge the status of management integration and that the department has
focused on the development of measures for departmental components,
offices, and directorates--such as a measure for the attrition rate for
career Senior Executive Service (SES) personnel and a measure for the
percentage of improper payments collected. However, these performance
measures do not allow the department to assess its progress in
achieving departmental goals for management integration within and
across functional areas. DHS officials stated that the department's
goal is to develop a set of measures that will help the department
assess its management integration. Without such a set of measures, DHS
cannot assess its progress in implementing and achieving management
integration both within and across its functional areas. A
comprehensive strategy for management integration that clearly sets
implementation goals and time lines could help the department establish
measures for assessing its management integration.
DHS's Management Directorate Has Taken Actions to Communicate and
Consolidate Management Policies, Processes, and Systems:
Through various management councils, the Management Directorate shares
information related to the implementation of management initiatives,
solicits feedback from the components, and provides a forum for
coordination between component management offices. The Management
Directorate has several councils that it uses to communicate through
the department, as shown in table 3. Each management chief chairs a
functional council to address issues pertaining to that management
function. For example, the DHS CFO leads a council that includes
component or agency CFOs across DHS and addresses and coordinates
departmentwide financial management issues, such as financial
management internal controls. Likewise, the USM chairs a Management
Council made up of the DHS management chiefs and a representative from
each component that discusses issues of departmentwide importance, such
as training and development programs. DHS management directives give
five of six functional councils responsibility for developing and
executing formal communications programs for internal and external
stakeholders. The functional councils also have charters that generally
define the role of the councils to communicate information and provide
input on goals or priorities within their management function. The
Management Council does not have a formal charter.
Table 3: DHS's Management Councils:
Council: Management Council;
Chair: USM;
Membership: Cross-functional.
Council: Chief Administrative Officer Council;
Chair: CAO;
Membership: Functional.
Council: Chief Financial Officer Council;
Chair: CFO;
Membership: Functional.
Council: Chief Information Officer Council;
Chair: CIO;
Membership: Functional.
Council: Chief Security Officer Council;
Chair: CSO;
Membership: Functional.
Council: Head of Contracting Authority (HCA) Council[A];
Chair: CPO;
Membership: Functional.
Council: Human Capital Leadership Council;
Chair: CHCO;
Membership: Functional.
Source: GAO analysis of DHS documents and interviews.
[A] The HCA Council is the functional council for the procurement
management function.
[End of table]
We found the Management Directorate uses the councils to share
information related to management initiatives with their counterparts
from the components and solicit their input on departmentwide issues.
For example, when we observed the Human Capital Leadership Council
(HCLC) in May 2009, the DHS CHCO updated the council members on his
office's efforts to establish an automated performance management tool.
Members of the HCLC's Human Capital Subcommittee on Performance
Management also solicited feedback from the HCLC on whether changing
the dates of the department's performance management cycle could be
explored by the subcommittee because it currently falls at a
challenging time during the fiscal year. The HCLC discussed the issue
and raised points, such as the relationship with the SES performance
cycle and the impact of potential continuing resolutions. Ultimately,
the HCLC agreed the subcommittee should pursue the issue. Similarly,
when we observed a Management Council meeting in April 2009, the
council members shared information on issues that affect multiple
management functions, such as the Transformation and Systems
Consolidation (TASC) initiative to consolidate and integrate its
financial management, acquisition, and asset management systems. The
council meetings also provide a forum for the component chiefs to
provide input into departmentwide plans, such as the functional area
strategic plans. For example, component officials from the information
technology and human capital management functions collaborated with
their corresponding DHS management chief on the development of their
functions' strategic plans at council meetings or council-sponsored off-
site meetings.
The councils also provide a forum for component management chiefs to
raise concerns and suggestions about departmentwide management
initiatives. For example, when we observed the CIO Council meeting in
April 2009, a component official expressed concern about the
component's outdated financial management system, which they have not
replaced because they are waiting for the departmentwide TASC solution.
The official said that the component is repeatedly receiving negative
results on their financial systems audit while they wait. The DHS CIO
responded that if the TASC initiative experiences further delays, she
will work with the DHS CFO's office to jointly determine a solution to
allow the components to make progress and identify areas of possible
audit mitigation while waiting for TASC to be implemented. Finally, we
found that the six functional councils provide the component management
chiefs with an opportunity to collaborate with their peers in other
components and share best practices. The FEMA Assistant Administrator
for Management explained that FEMA is in a better position today
because of its management chiefs' participation in the councils. He
said the management chiefs have been able to better handle issues
because they are able to learn best practices from their counterparts
in other components who are dealing with the same issues and would not
have the same access to the other components without the functional
councils.
DHS's Management Directorate Has Taken Actions to Consolidate
Management Policies, Processes, and Systems:
While DHS does not have a comprehensive management strategy, its
Management Directorate is working to consolidate management policies,
processes with associated governance boards, and systems. The
Management Directorate has developed and implemented departmentwide
policies to replace policies from each of the legacy agencies that make
up DHS in all six management functions. For example, the DHS CAO's
office completed a comprehensive review of directives that govern
departmentwide activities. According to the DHS Internal Control
Bluebook for fiscal year 2008, results of this review reduced the
number of directives by over 56 percent. The DHS CAO's office also
implemented a new initiative to develop uniform policies and programs
for radiation safety across the department. The DHS CFO's office
launched an online Financial Management Policy Manual tool, which
serves as the single authoritative guide on financial management and
the foundation for departmentwide financial management knowledge
sharing and standardization. According to officials from the DHS CFO's
office, the Financial Management Policy Manual is part of its approach
to integrate within the financial management function and is critical
to enable financial management employees to carry out their duties and
responsibilities effectively and efficiently.
The Management Directorate has also taken steps toward consolidating
some management processes and established governance boards to manage
the processes in the areas of acquisition, information technology,
financial management, and resource allocation, as shown in table 4.
Table 4: DHS Governance Boards:
Governance board and date established: Acquisition Review Board
(formerly the Investment Review Board); November 2008.
Chair:
Deputy Secretary, USM, Deputy USM, Component Head or Component
Acquisition Executive[A];
Membership:
* USM;
* CFO;
* CIO;
* CAO;
* CPO;
* CSO;
* Assistant Secretary for Policy;
* General Council;
* Director of Operational Test and Evaluation.
Governance board and date established: Enterprise Architecture Board;
April 2004;
Chair: CIO;
Membership:
* CPO;
* Office of Applied Technology;
* Chief Information Security Officer;
* Office of Accessible Systems and Technology;
* Information Technology Services Office;
* Enterprise Business Management Office;
* Enterprise System Development Office.
Governance board and date established: Senior Management Council for
Internal Controls; June 2008;
Chair: USM;
Membership:
* CAO;
* CFO;
* CIO;
* CHCO;
* Chief Information Security Officer;
* CSO;
* CPO.
Governance board and date established: Program Review Board; March
2008;
Chair: Deputy Secretary;
Membership:
* USM;
* CFO;
* Deputy General Counsel;
* Deputy Assistant Secretary, Office of Policy;
* Heads CBP, ICE, FEMA, TSA, U.S. Coast Guard, USCIS, U.S. Secret
Service, Domestic Nuclear Detection Office, Federal Law Enforcement
Training Center, Office of Health Affairs, Office of Intelligence and
Analysis, NPPD, Operations Coordination, and Science and Technology.
Source: GAO Analysis of DHS documents.
Note: DHS also has a Working Capital Fund Governance Board, which
provides policy oversight and direction for the activities to be
included in the Working Capital Fund.
[A] The chair of the Acquisition Review Board (ARB) differs based on
which DHS official is designated as the Acquisition Decision Authority
for a given acquisition program, according to the amount of the
program's total life cycle costs.
[End of table]
As we previously reported, the Management Directorate recognized
historical shortcomings in its acquisition review process and released
an interim acquisition management directive in November 2008.[Footnote
28] The interim directive established a revised acquisition review
process, including roles and responsibilities of DHS approving
authorities, threshold levels for acquisitions, and acquisition
decision events and the corresponding documentation required.
Specifically, it established the Acquisition Review Board (ARB) as the
department's highest review body and charged it with reviewing and
approving all programs at key milestone decision points that are above
$300 million in life cycle costs. In September 2009, we testified that
DHS has also reinstated regular ARB meetings and acquisition decision
memorandums.[Footnote 29] Specifically, as of September 15, 2009, DHS's
ARB reports that it completed 14 acquisition reviews in 2008, and has
thus far completed 18 reviews in 2009, including reviews of major
acquisitions, such as SBInet, US-VISIT, and Secure Flight. DHS also
reports that 7 additional reviews are scheduled to occur by the end of
the fiscal year. We previously reported that while recent actions
establishing the ARB and an acquisition process represent progress, the
department's previous acquisition review process was not able to
effectively carry out its oversight responsibilities and keep pace with
investments since 2004.[Footnote 30] It is too soon to tell whether
DHS's latest efforts will be sustained to ensure investments are
consistently reviewed as needed. The DHS IG has also reported that DHS
faces challenges in implementing corrective actions for acquisition
oversight.[Footnote 31]
In addition, DHS established an Enterprise Architecture Board (EAB) to
guide and approve new information technology investments. Enterprise
architecture provides systematic structural descriptions of how a given
organization operates today and how it plans to operate in the future,
and it includes a plan to transition from the current state to the
future state. The EAB reviews and approves information technology
investments to ensure they align with DHS's enterprise architecture and
transition plan. Based on these reviews, the EAB makes recommendations
to the ARB, mentioned above, which the ARB includes in its review of
information technology acquisitions. In September 2009, we testified
that since 2003, DHS has issued annual updates to its enterprise
architecture that have improved prior versions by adding previously
missing content.[Footnote 32] However, DHS has yet to adequately
address how it determines and ensures that an investment is aligned
with its enterprise architecture. Specifically, while the Management
Directorate has recently chartered its EAB and assigned it
responsibility for ensuring that each investment is architecturally
aligned throughout its life cycle, it has yet to define a methodology,
including explicit criteria, for making a risk-based alignment
determination.
The Management Directorate established a mission action plan process
and Senior Management Council (SMC) for Internal Controls to assist the
department in identifying, assessing, prioritizing, and monitoring the
progress of efforts to remediate material weaknesses.[Footnote 33] A
mission action plan presents an overall plan for correcting a control
deficiency that includes milestones with specific dates and remediation
actions and is published annually in the department's Internal Control
Playbook. In November 2008, the Management Directorate created its
first Internal Control Bluebook, which provides the status of the
department's efforts to design and implement departmentwide internal
controls. The SMC oversees the mission action plan process and
determines when sufficient action has been taken to correct material
weakness. The Management Directorate has faced challenges in
implementing the mission action plan process at the components. For
example, the DHS IG reported that while FEMA prepared mission action
plans for the fiscal year 2009 Internal Control Playbook that address
known deficiencies, its financial reporting mission action plan did not
adequately emphasize the primary root cause of control weaknesses.
[Footnote 34] Similarly, the DHS IG reported that the TSA's financial
reporting mission action plan in the fiscal year 2009 Internal Control
Playbook lacked specific milestones related to some root causes and
lacked clear linkage from the root cause to actions and milestones to
address the deficiencies.[Footnote 35]
The Management Directorate also participates in the Program Review
Board (PRB), which governs the department's programming efforts as part
of the broader Planning, Programming, Budget, and Execution process.
This process is the department's effort to ensure goals and priorities
are translated into actionable requirements, programmed and budgeted
for appropriately, and realized through execution. Specifically, the
USM is a member of the PRB. The PRB considers major multi year
programmatic issues across the department and recommends resource
allocation decisions to the deputy secretary based on priorities. These
decisions provide department approved 5-year resource profiles by
component, and provide the foundation for the next DHS budget sent to
the Office of Management and Budget. The DHS Program Analysis and
Evaluation Director told us that the USM has been instrumental in
helping components prioritize activities. The PRB gives the USM a forum
for providing input into the resource decisions from a management
perspective. However, without a management integration strategy for the
department with clear priorities, it is unclear how the management
initiatives related to integration that are considered are being
prioritized, and whether resources are being used in the most efficient
and effective manner.
Additionally, the Management Directorate has taken steps in an effort
to consolidate the department's systems. For example, the TASC
initiative is the department's current effort to consolidate its
financial management, acquisition, and asset management systems. DHS
has been working to consolidate its financial management systems since
the department was first created. A prior effort focused on financial
management systems integration began in January 2004, known as the
Electronically Managing Enterprise Resources for Government
Effectiveness and Efficiency (eMerge2) project. This project was
expected to integrate financial management systems departmentwide and
address existing financial management weaknesses. However, DHS
officially ended the eMerge2 project in December 2005, acknowledging
that this project had not been successful. Litigation has slowed the
Management Directorate's selection process for a contractor to
implement TASC, but DHS expects to award the contract in early 2010.
While DHS officials told us they believe communications between the
department's CFO and the component CFOs for TASC seem to be working
well, in October 2009, we testified that the department has not yet
completely defined its financial management strategy and plan to move
forward with financial management integration efforts.[Footnote 36]
The Management Directorate also has an initiative under way to
consolidate its information technology data centers, which are
facilities that contain electronic equipment used for data processing,
data storage, and communications networking. The Data Center
consolidation initiative is an effort to move from DHS's 17 legacy data
centers to two large-scale enterprise data centers. According to DHS's
fiscal year 2010 Budget in Brief report, DHS expects the reduced number
of data centers to help streamline the department's maintenance and
support contracts as well as enhance security and improve information
sharing with stakeholders.[Footnote 37] While the Management
Directorate intends to complete the relocation of legacy data centers
to the new data centers by fiscal year 2011, it is facing challenges in
the implementation of the Data Center consolidation. For example, the
DHS IG reported that the department has not established necessary
connectivity between the two data centers so they are able to provide
backup capabilities for each other because necessary telecommunications
equipment and circuits are not in place to transmit data between the
two centers.[Footnote 38]
Performance Management Practices Could Be More Consistently Applied
Departmentwide to Strengthen Reporting Relationships between Department
and Component Management Chiefs:
During a transformation, strategic goals must be clear and enable
stakeholders and employees to understand what they need to do
differently to help the organization achieve success.[Footnote 39] The
organization's performance management system can help to show how
individual performance can contribute to overall organizational
results, and can help manage and direct the transformation process.
Specifically, we have reported that several practices are critical to
ensuring that the performance management system supports
change.[Footnote 40] To be successful, transformation efforts must
align individual performance expectations with organizational goals.
These practices support efforts to create a "line of sight" showing how
unit and individual performance can contribute to overall
organizational results, and in the case of transforming DHS and
integrating the department, can enable the USM and department
management chiefs to align activities of subordinate management
officials in support of the management integration strategy. A line of
sight that connects management integration goals should show how the
USM, department management chiefs, and management chiefs of DHS
components all contribute to and support DHS management integration
goals. Figure 3 provides an example of how individual goals for the USM
and department and component management chiefs support the Management
Directorate and department goals and objectives for management
integration activities related to a particular management integration
initiative--in this case, DHS Data Center consolidation. The figure
also depicts how management officials at each level provide performance
input to align the activities of subordinate levels.
Figure 3: Line of Sight Linking Organizational and Individual Goals and
Objectives for DHS Data Consolidation:
[Refer to PDF for image: illustration]
Organizational objectives:
DHS Strategic Plan:
Goal/objective:
Strengthen and unify DHS operations and management;
Detailed statement:
We will optimize processes and systems to facilitate integration and
coordination.
Management Directorate Strategic Plan:
Goal/objective:
Optimize processes and systems;
Detailed statement:
Integrate functional operations to facilitate cross-component synergies
and streamline coordination ensuring reliable and efficient support of
mission objectives.
Individual objectives:
Under Secretary for Management Performance Agreement:
Goal/objective:
Improve management programs & initiatives for DHS HQ;
Detailed statement:
Improve management program & initiatives for DHS HQ that improve the
quality of life of employees, enhance operations, improve security, and
provide efficiencies in operations by 30 Sept. 08.
DHS CIO Performance Agreement:
Goal/objective:
Consolidate component data centers;
Detailed statement:
Consolidate 17 component data centers into 2 enterprise data centers.
DHS CIO Performance Agreement[A]:
Goal/objective:
Advance DHS headquarters IT collaborative efforts;
Detailed statement:
DHS data center consolidation:10% x quantity of certification and
accreditation tracking systems shut down in non-DHS data centers; 10% x
quantity of certification and accreditation tracking systems stood up
in DHS data centers.
Source: GAO analysis of DHS documents.
[A] The USCIS CIO performance agreement objective cited in figure 3 was
linked to DHS's Strategic Plan Goal 5 Strengthen and Unify DHS
Operations and Management, but not to the Management Directorate
Strategic Plan.
[End of figure]
The USM's Performance Agreement and Evaluation Indicate That the USM
Was Held Accountable for Management Directorate and DHS Strategic
Objectives:
As the designated CMO of the department, the USM is specifically tasked
with leading management integration at DHS, and is the first link in
the line of sight that connects organizational and individual goals and
objectives, necessary to ensure that once a management integration
strategy is developed, management leaders at each level support its
implementation.[Footnote 41] The 9/11 Commission Act requires that the
USM enter into an annual performance agreement with the Secretary,
including measurable individual and organizational goals, and be
subject to an annual performance evaluation by the Secretary, with a
determination of progress made toward achieving those goals and
measures.[Footnote 42] Similarly, we have reported that top leadership
should drive the transformation, and have previously stated that the
organization's CMO should have a clearly defined, realistic performance
agreement.[Footnote 43] To support departmentwide goals, the USM's
performance plan should reflect the DHS Strategic Plan and Management
Directorate Strategic Plan, and when developed, the management
integration strategy. In reviewing performance management linkages at
the USM's level, we found that the Deputy Secretary provided input into
the USM's performance plan in October 2007, and conducted a performance
evaluation in 2008 based on this agreement. According to DHS officials,
the Deputy Secretary conducted the performance agreement and
evaluation--rather than the Secretary--based on delegated
responsibilities for the performance of management reform as the
department's chief operating officer.
Performance objectives in the USM's agreement and evaluation show
linkages to strategic plans, and include references to several efforts
related to management integration. Specifically, the USM's performance
objectives included clear linkages to the fiscal year 2009 through 2014
Management Directorate Strategic Plan, and to the fiscal year 2008
through 2013 DHS Strategic Plan Goal 5--"Strengthen and Unify DHS
Operations and Management." In terms of the content of individual
objectives, three of the performance objectives refer to projects or
initiatives specifically: (1) Designing a new acquisition review
system, (2) finalizing and implementing a plan to improve management
controls, and (3) establishing a certified SES performance system. One
objective refers generally to improving management programs and
initiatives for DHS's headquarters.[Footnote 44] The efforts to
implement a new acquisition review system and management controls and
centralize management of SES positions involves increasing integration
of management functions. The Integrated Strategy for High Risk
Management referenced in the performance plan was mentioned by DHS as
providing guidance for management integration efforts. Other
initiatives that contribute to integration, including the consolidation
of DHS data centers, are described as accomplishments in the USM's
evaluation related to the implementing programs and initiatives for
DHS's headquarters objective.
Department Management Chiefs' Performance Agreements Show Linkages to
Higher Level Strategies and Include Management Integration Goals and
Objectives:
The second link in the line of sight involves the USM's relationship
with the department management chiefs. Five department chiefs report
directly to the USM, and the CFO has a dual reporting relationship to
the Secretary and the USM.[Footnote 45] Based on performance management
practices mentioned above, department management chiefs' performance
plans should support organizational goals included in the Management
Directorate Strategic Plan. We would expect these performance plans
should also support a department management integration strategy, when
one is developed.
In reviewing department management chiefs' performance agreements, we
found that they supported higher level Management Directorate goals and
objectives, and included references to management integration-related
activities. For example, performance agreements for the six department
management chiefs consistently include a reference to the Management
Directorate's Strategic Plan. We also learned from DHS officials that
fiscal year 2009 was the first year that the USM provided a common
objective to department management chiefs. Specifically, the fiscal
year 2009 management chiefs' performance plans included a joint
performance objective related to management support for the expansion
of NPPD. In addition, the agreements consistently include objectives
related to management integration. The following are examples of
management integration-related objectives in performance agreements:
* The CSO's agreement included an objective to "Integrate security
services department wide through development and implementation of
security policies and practices for the department."
* The Acting CIO's agreement included objectives for consolidating
legacy networks and consolidating component data centers (as depicted
in figure 3).
* The CHCO's agreement included an objective for providing DHS-wide
policy and guidance on all major human resources matters.
* The CAO's agreement included an objective to establish a consolidated
headquarters for DHS.
Performance agreements also showed evidence of common goals. For
example, as discussed previously, each chief's agreement includes
support for the expansion of NPPD. The performance agreements also
refer to specific actions for support from that management function,
such as providing space for the new employees, in the CAO's case, and
providing information technology hardware and software to support the
new employees, in the CIO's case.
Department Management Chiefs Have Not Consistently Implemented "Dotted
Line" Reporting Relationships in Accordance with Management Directives:
The third link in the line of sight involves the department management
chiefs' relationships with the management chiefs in DHS's component
agencies. The component management chiefs directly report to their
component agency heads, while also having a "dotted line," or indirect,
reporting relationship to their respective department management chief.
[Footnote 46] The arrangement of component heads and department chiefs
both supporting integration of management functions is referred to as
"dual accountability." When we reviewed DHS's management integration
progress in 2005, the department had recently established the dual
accountability structure of reporting relationships.[Footnote 47]
Management directives define department and component management
chiefs' responsibilities, including specific ways that department
management chiefs should provide direction to component management
chiefs. For example, management directives require the department chief
to establish annual milestones for integrating the management function.
The directives also require the management chiefs to provide written
performance objectives to the component management chief at the start
of each performance cycle, feedback to the component rating official on
the component chief's accomplishment of objectives, and input on bonus
or award recommendations, pay, and other forms of commendation. Also,
in accordance with performance management practices mentioned
previously, to ensure accountability for change, component management
chiefs' performance agreements should reflect the department management
chiefs' specific performance objectives for the component chiefs'
management functions, and should also reflect the Management
Directorate and departmentwide strategic plans.
All department management chiefs except for the CSO said that they
specifically established annual priorities of some sort--either goals,
objectives, milestones, and /or expected results--for their function.
In addition, we reviewed documentation of goals, objectives,
milestones, or expected results for each of these management functions.
Four management chiefs--the CFO, CPO, CHCO, and CAO--said that the
priorities were determined through annual planning processes for the
function, either at an offsite meeting or through the management
function's council. The CSO indicated that the management function's
strategic plan served in place of annual milestones, although the plan
provided did not identify its applicability to any given year or
distinguish any priorities or target for implementation within a
particular year.
At an individual level, however, the department chiefs did not
consistently provide individual input at the beginning of the component
management chiefs' performance cycle--either through written goals and
objectives or via direct input into the performance agreement.
Management directives for each management function include a
requirement that department management chiefs provide the component
management chief with written objectives at the start of the annual
performance cycle. In our review we found that only two department
chiefs--the CAO and CPO--said that they provided individual input with
regard to component chiefs' performance. The CAO said that he provided
written objectives attached to a memo that was sent to each component
CAO, and the CPO said that individual input and goals were provided
annually in the form of a letter. We also reviewed these objectives and
goals provided to the components. The other four management chiefs said
that they did not provide individual input, and instead pointed to
collective goals or objectives developed through planning processes and
contained in strategic or operational plans. While these collective
processes and overall plans provide general guidance for the management
function, they do not meet the standard established by the management
directives of annual, individualized performance input.
The USM told us that the functional councils have improved in their
development of common management goals for their functions, but she
agreed that they have not yet consistently followed through by putting
those goals into individual performance plans. She added that the
department's management chiefs would be including this information in
component chiefs' performance plans for 2010. Despite the lack of
department input in the four component management chiefs' performance
agreements mentioned above, in reviewing the agreements we found that
some of them included a link to the Management Directorate Strategic
Plan, a management function strategy or plan, or the DHS Strategic Plan
Goal 5 for management. Some performance agreements also referred to
supporting department-level efforts, with references to activities such
as supporting department-level strategic plans and council activities
and implementing departmentwide management initiatives.
In addition to input into component chief performance agreements,
management directives require department chief feedback to the
component rating official regarding the component chiefs'
accomplishment of annual objectives. The CFO, CSO, and CAO told us that
they provided input into component chiefs' performance appraisals,
while the CIO and CPO did not provide input. The CPO stated that he
would be providing input beginning with the fiscal year 2010
performance appraisals. The CHCO said that, due to his limited tenure
in the position, he could not state whether input had occurred. In
addition to individual input, department chiefs have the opportunity to
review the component chiefs' performance ratings and bonuses and/or pay
adjustments at the conclusion of the department Performance Review
Boards prior to their approval by the deputy secretary. While this
assessment provides an additional opportunity for department oversight,
it does not satisfy the management directives' requirement for input by
the department chief to the component rating official. The USM said
that departmental chiefs' input into component chiefs' performance
appraisals would be a priority in the future.
In summary, performance management practices to help ensure
accountability for management integration between the department and
component management chiefs are not consistently in place. While
linkages are being most clearly defined at the department chief level
within their individual management functions, department chiefs are not
consistently providing the guidance and input required by department
management directives and in accordance with performance management
leading practices. The inconsistent application of such guidance and
practices presents challenges to institutionalizing individual
accountability and enabling the effective exercise of authority at the
department. Without ensuring that the management chiefs provide input
into component chiefs' performance plans and evaluations as required,
the Management Directorate cannot be sure that component chiefs are
fully implementing management integration.
Conclusions:
In the more than 6 years since its establishment, DHS has taken actions
that could help it transform organizationally and integrate its
management functions to establish a unified department. In particular,
the department has taken actions to vertically integrate the component
agencies by developing common policies, procedures, and systems within
individual management functions, such as human capital and information
technology However, DHS has placed less emphasis on integrating
horizontally, and bringing together these multiple management functions
across the department.
In addition, key characteristics that are necessary to guide and ensure
successful management integration are not yet in place, such as
identification of trade-offs, priorities, and implementation goals, and
the implementation and transformation of the department remains on our
high-risk list. Current plans are a step in the right direction, but in
the absence of a comprehensive strategy for management integration as
required by the 9/11 Commission Act and meeting all of the previously
identified characteristics for such a strategy, it is unclear how
management integration will be more fully achieved across the
department. We therefore reiterate our prior recommendation, not yet
fully implemented, that DHS develop a comprehensive management
integration strategy. We continue to believe that a comprehensive
strategy for management integration is warranted, and would help the
department to ensure that its management initiatives are implemented in
a coherent way. It would also help DHS to communicate its approach for
management integration and measures for evaluating progress made.
Moreover, while DHS has been implementing management initiatives and
processes across the department, in the absence of a comprehensive
management integration strategy, it is unclear how these efforts are
being prioritized and sequenced, and trade-offs between them are being
recognized. In addition, a comprehensive strategy for management
integration would help the department establish performance measures to
better gauge its progress in integrating its various management
policies, processes, and systems across DHS. Although the department
has developed certain management measures, these measures do not allow
the department to assess the extent to which it is making progress in
implementing and achieving management integration both within and
across functional areas.
The "dotted line" reporting relationships between the department chiefs
will be particularly important once DHS develops a management
integration strategy that would involve decisions and trade-offs that
are dependent on component compliance to succeed. Implementation of
existing performance management mechanisms--such as the departmental
management chiefs' input into component chiefs' performance plans and
evaluations, and linkages between department goals and objectives and
individual performance plans for component management chiefs--is
necessary to ensure that the Management Directorate can exercise its
authority and leadership to implement a management integration
strategy.
Recommendations for Executive Action:
To strengthen its management integration efforts, we recommend that the
Secretary of Homeland Security direct the Under Secretary for
Management, working with others, to take the following four actions:
* Once a comprehensive management integration strategy is developed,
consistent with statute and as we previously recommended, establish
performance measures to assess progress made in achieving
departmentwide management integration;
* Ensure that department management chiefs provide written objectives
for component management chiefs' performance plans at the beginning of
each performance cycle, and that the objectives are representative of
determined priorities and milestones for the management functions
during that period;
* Ensure that department management chiefs provide input into component
management chiefs' annual performance evaluations; and:
* Ensure that component management chiefs' individual performance plans
are reflective of and include linkages to the goals and objectives for
the Management Directorate and relevant department management function.
Agency Comments and Our Evaluation:
We provided a draft of this report to the Secretary of the Department
of Homeland Security for comment. In written comments on a draft of
this report, the DHS Under Secretary for Management provided
information on steps the department was taking or planning to take to
develop a strategy for management integration, as we had recommended in
our 2005 report, and to link this strategy to SES performance
appraisals for the management chiefs. Specifically, the Under Secretary
for Management said that she is leading the process for developing a
detailed, measurable plan that will include the actions and milestones
necessary to accomplish management integration at the department.
Additionally, the Under Secretary for Management stated that the
integration plan will be tied to the SES performance appraisals for
each management chief for the fiscal year 2010 performance cycle, and
that the plan will also serve as the required annual performance
agreement between the Secretary and the Under Secretary for Management.
While DHS's letter did not directly comment on our recommendations in
this report related to the need for performance measures for management
integration and additional steps needed to strengthen accountability
for the management chiefs, the Director of DHS's Internal Control
Program Management Office noted in a subsequent e-mail that DHS
concurred with our report and its written comments were intended to
discuss steps to implement the recommendations in our report.
DHS's written comments are contained in appendix I. We incorporated
technical comments provided by DHS as appropriate.
As agreed with your offices, unless you publicly announce the contents
of this report earlier, we plan no further distribution until 30 days
from the report date. At that time, we will send copies to the
Department of Homeland Security and other interested parties. In
addition, the report will be available at no charge on the GAO Web site
at [hyperlink, http://www.gao.gov].
If you or your staff have any further questions about this report,
please contact me at (202) 512-6543 or steinhardtb@gao.gov, or David
Maurer, Director, at (202) 512-9627 or maurerd@gao.gov. Points of
contact for our Offices of Congressional Relations and Public Affairs
may be found on the last page of this report. Key contributors to this
report are listed in appendix II.
Signed by:
Bernice Steinhardt, Director:
Strategic Issues:
Signed by:
David C. Maurer, Director:
Homeland Security and Justice:
[End of section]
Appendix I: Comments from the Department of Homeland Security:
U.S. Department of Homeland Security:
Washington, DC 20528:
November 10, 2009:
Ms. Bernice Steinhardt:
Director:
U.S. Government Accountability Office:
441 G Street, N.W.
Washington, D.C. 20548-001:
Dear Ms. Steinhardt:
Thank you for providing the Government Accountability Office's (GAO)
draft report; "Actions Taken Toward Management Integration, But a
Comprehensive Strategy is Still Needed" (GAO-10-131). We have taken the
opportunity to assess our progress on developing a dedicated strategy
for management integration as well as consider how to incorporate it
with strategic efforts toward transformation and implementation for the
Department.
In support of critical management integration efforts, I am leading the
process for developing a detailed, measurable plan as recommended by
your draft report. The plan will further develop the actions and
milestones necessary to accomplish the Department of Homeland Security
management integration. Additionally, the integration plan will be tied
to the senior executive service performance appraisals for each
business line chief for the Fiscal Year 2010 performance cycle. This
plan will also serve as the required annual performance agreement
between the Secretary and the Under Secretary for Management. I am
confident that this plan will further the Department's integration
goals as it will clearly and concisely state the actions DHS will take
in the next years toward integration.
Thank you for your contributions to provide recommendations for
improvements to DHS management integration. If there are any questions,
please contact me or Sharie Bourbeau, Deputy Under Secretary in the
Office of the Under Secretary for Management, at (202) 4473400.
Sincerely,
Signed by:
Elaine C. Duke:
Under Secretary for Management:
[End of section]
Appendix II: GAO Contacts and Staff Acknowledgments:
GAO Contacts:
Bernice Steinhardt, (202) 512-6543 or steinhardtb@gao.gov. David
Maurer, (202) 512-9627 or maurerd@gao.gov:
Staff Acknowledgments:
In addition to the contact named above Sarah Veale, Assistant Director;
Rebecca Gambler, Assistant Director; S. Mike Davis; Barbara Lancaster;
Jared Hermalin; Bion Bliss; Jyoti Gupta; Tom Beall; and Karin Fangman
made significant contributions to this report.
[End of section]
Related GAO Products:
Financial Management Systems: DHS Faces Challenges to Successfully
Consolidate its Existing Disparate Systems. [hyperlink,
http://www.gao.gov/products/GAO-10-210T]. Washington, D.C.: October 29,
2009.
Homeland Security: Despite Progress, DHS Continues to Be Challenged in
Managing Multi-Billion Dollar Annual Investment in Large-Scale Systems.
[hyperlink, http://www.gao.gov/products/GAO-09-1002T]. Washington,
D.C.: September 15, 2009.
High-Risk Series: An Update. [hyperlink,
http://www.gao.gov/products/GAO-09-271]. Washington, D.C.: January
2009.
Department of Homeland Security: A Strategic Approach Is Needed to
Better Ensure the Acquisition Workforce Can Meet Mission Needs.
[hyperlink, http://www.gao.gov/products/GAO-09-30]. Washington, D.C.:
November 19, 2008.
Department of Homeland Security: Billions Invested in Major Programs
Lack Appropriate Oversight. [hyperlink,
http://www.gao.gov/products/GAO-09-29]. Washington, D.C.: November 18,
2008.
Department of Homeland Security: Progress Made in Implementation of
Management Functions, but More Work Remains. [hyperlink,
http://www.gao.gov/products/GAO-08-646T]. Washington, D.C.: April 9,
2008.
Organizational Transformation: Implementing Chief Operating Officer /
Chief Management Officer Positions in Federal Agencies. [hyperlink,
http://www.gao.gov/products/GAO-08-322T]. Washington, D.C.: December
13, 2007.
Department of Homeland Security: Better Planning and Assessment Needed
to Improve Outcomes for Complex Service Acquisitions. [hyperlink,
http://www.gao.gov/products/GAO-08-263]. Washington, D.C.: April 22,
2008.
Organizational Transformation: Implementing Chief Operating Officer /
Chief Management Officer Positions in Federal Agencies. [hyperlink,
http://www.gao.gov/products/GAO-08-34]. Washington, D.C.: November 1,
2007.
Homeland Security: DHS Enterprise Architecture Continues to Evolve but
Improvements Needed. [hyperlink,
http://www.gao.gov/products/GAO-07-564]. Washington, D.C.: May 9, 2007.
Federal Real Property: DHS Has Made Progress, but Additional Actions
Are Needed to Address Real Property Management and Security Challenges.
[hyperlink, http://www.gao.gov/products/GAO-07-658]. Washington, D.C.:
June 22, 2007.
Homeland Security: Departmentwide Integrated Financial Management
Systems Remain a Challenge. [hyperlink,
http://www.gao.gov/products/GAO-07-536]. Washington, D.C.: June 21,
2007.
Department of Homeland Security: Progress Report on Implementation of
Mission and Management Functions. [hyperlink,
http://www.gao.gov/products/GAO-07-454]. Washington, D.C.: August 17,
2007.
Information Technology: DHS Needs to Fully Define and Implement
Policies and Procedures for Effectively Managing Investments.
[hyperlink, http://www.gao.gov/products/GAO-07-424]. Washington, D.C.:
April 27, 2007.
Department of Homeland Security: A Comprehensive and Sustained Approach
Needed to Achieve Management Integration. [hyperlink,
http://www.gao.gov/products/GAO-05-139]. Washington, D.C.: March 16,
2005.
Results-Oriented Cultures: Implementation Steps to Assist Mergers and
Organizational Transformations. [hyperlink,
http://www.gao.gov/products/GAO-03-669]. Washington, D.C.: July 2,
2003.
[End of section]
Footnotes:
[1] These 22 agencies, offices, and programs were U.S. Customs Service;
U.S. Immigration and Naturalization Service; Federal Protective
Service; Transportation Security Administration; Federal Law
Enforcement Training Center; Animal and Plant Health Inspection
Service; Office for Domestic Preparedness; Federal Emergency Management
Agency; Strategic National Stockpile and the National Disaster Medical
System; Nuclear Incident Response Team; Domestic Emergency Support
Team; National Domestic Preparedness Office; Chemical, Biological,
Radiological, and Nuclear Countermeasures Program; Environmental
Measures Laboratory; National BW Defense Analysis Center; Plum Island
Animal Disease Center; Federal Computer Incident Response Center;
National Communication System; National Infrastructure Protection
Center; Energy Security and Assurance Program; Secret Service; and U.S.
Coast Guard.
[2] GAO, Department of Homeland Security: Progress Made in
Implementation of Management Functions, but More Work Remains,
[hyperlink, http://www.gao.gov/products/GAO-08-646T] (Washington, D.C.:
Apr. 9, 2008).
[3] GAO, Department of Homeland Security: A Comprehensive and Sustained
Approach Needed to Achieve Management Integration, [hyperlink,
http://www.gao.gov/products/GAO-05-139] (Washington, D.C.: Mar. 16,
2005); and GAO, Results-Oriented Cultures: Implementation Steps to
Assist Mergers and Organizational Transformations, [hyperlink,
http://www.gao.gov/products/GAO-03-669] (Washington, D.C.: July 2,
2003).
[4] Pub. L. No. 107-296, 116 Stat. 2135 (Nov. 25, 2002).
[5] Pub. L. No. 110-53, 121 Stat. 266 (Aug. 3, 2007).
[6] Congress enacted the Government Performance and Results Act of 1993
(GPRA) to address several broad purposes, including improving federal
program effectiveness, accountability, and service delivery, and
enhancing congressional decision making by providing more objective
information on program performance. GPRA requires executive agencies to
complete strategic plans in which they define their missions, establish
results-oriented goals, and identify the strategies that will be needed
to achieve those goals. GPRA also requires executive agencies to
prepare annual performance plans that articulate goals for the upcoming
fiscal year that are aligned with their long-term strategic goals.
Finally, GPRA requires executive agencies to measure performance toward
the achievement of the goals in the annual performance plan and report
annually on their progress in program performance reports. Pub. L. No.
103-62, 107 Stat. 285 (Aug. 3, 1993).
[7] We selected NPPD because it (1) had the largest budget in fiscal
year 2008 among all of the DHS directorates and offices, (2) has a
structure of management chiefs similar to DHS's component agencies, and
(3) has a unique relationship to the Management Directorate because the
directorate directly provides management services to NPPD that normally
occur within component agencies, such as hiring and acquisition
support.
[8] GAO, High-Risk Series: An Update, [hyperlink,
http://www.gao.gov/products/GAO-03-119] (Washington, D.C.: January
2003).
[9] GAO, High-Risk Series: An Update, [hyperlink,
http://www.gao.gov/products/GAO-05-207] (Washington, D.C.: January
2005); and GAO, High-Risk Series: An Update, GAO-07-310 (Washington,
D.C.: January 2007).
[10] GAO, High-Risk Series: An Update, [hyperlink,
http://www.gao.gov/products/GAO-09-271] (Washington, D.C.: January
2009).
[11] [hyperlink, http://www.gao.gov/products/GAO-03-669].
[12] [hyperlink, http://www.gao.gov/products/GAO-05-139].
[13] Management chiefs in the component agencies for the acquisition
and procurement function are referred to as Component Acquisition
Executives (CAE) and Heads of Contracting Authority (HCA),
respectively. The CAE is the senior acquisition official within the
component, responsible for management and oversight of all component
acquisition functions (excluding contracting). The HCA is the senior
contracting official within the component, responsible for management
and oversight of all component contracting functions, under the
authority delegated by the CPO.
[14] Section 701 of the Homeland Security Act of 2002 included this
responsibility. Other responsibilities of the USM include financial
management, procurement, human resources and personnel, information
technology and communications systems, facilities and property
management, security, performance measurements, grants and other
assistance management programs, internal audits, and maintenance of
immigration statistics. Pub. L. No. 107-296.
[15] Pub. L. No. 110-53, § 2405. See 6 U.S.C. § 341.
[16] Pub. L. No. 110-53, § 2405.
[17] [hyperlink, http://www.gao.gov/products/GAO-05-139] and
[hyperlink, http://www.gao.gov/products/GAO-03-669].
[18] The high-risk areas we have identified include (1) implementing
and transforming DHS; (2) the National Flood Insurance Program; (3)
managing federal real property; (4) strategic human capital management;
(5) information sharing mechanisms to improve homeland security; and
(6) protecting the federal government's information systems and
critical infrastructure.
[19] The CAO strategic plan is for fiscal years 2008 through 2012, the
CIO strategic plan is for fiscal years 2009-2013, and the CHCO
strategic plan is for fiscal years 2009 through 2013. The CSO strategic
plan does not include any dates.
[20] DHS, One Team, One Mission, Securing Our Homeland: U.S. Department
of Homeland Security Strategic Plan, Fiscal Years 2008 - 2013
(Washington, D.C.: 2008)
[21] The other strategic-level goals included in the plan are: (1)
protect our nation from dangerous people; (2) protect our nation from
dangerous goods; (3) protect critical infrastructure; and (4)
strengthen our nation's preparedness and emergency response
capabilities.
[22] The second objective focuses more specifically on intelligence and
information-sharing operations, including: the timely attainment of
intelligence and incident-related information for threat/risk
mitigation; the creation of broad structures to collect, communicate,
analyze, disseminate, and integrate security and law enforcement
information; and the further development of private-public information
sharing partnerships. The third objective focuses more specifically on
strengthening and unifying the department's strategic and policy
direction, through use of improved strategic planning and assessment;
and advancing the department's operations coordination capacity for
planning and coordinating cross-cutting operations that require multi-
component activities.
[23] [hyperlink, http://www.gao.gov/products/GAO-05-139].
[24] According to the act, beginning in fiscal year 2009 and every 4
years after that, DHS must "conduct a review of the homeland security
of the Nation." DHS plans to complete and report on the first QHSR no
later than December 31, 2009, as required under the act. Pub. L. No.
110-53, § 2401. See 6 U.S.C. § 347.
[25] The other four study areas include (1) counterterrorism and
domestic security management; (2) securing our borders; (3) enforcement
of immigration laws; and (4) preparing for, responding to, and
recovering from disasters.
[26] DHS has established performance measures in support of Objectives
5.2 and 5.3, but these measures are tracked by components other than
the Management Directorate. The Management Directorate also has four
other measures that support Goal 2 of DHS's Strategic Plan to "Protect
Our Nation from Dangerous Goods." These performance measures are number
of kilograms of cocaine seized by DHS components, number of kilograms
of heroin seized by DHS components, number of kilograms of
methamphetamine seized by DHS components, and number of pounds of
marijuana seized by DHS components.
[27] Pub. L. No. 103-62, 107 Stat. 285.
[28] GAO, DHS: Billions Invested in Major Programs Lack Appropriate
Oversight, GAO-09-29 (Washington, D.C.: November 18, 2009).
[29] GAO, Homeland Security: Despite Progress, DHS Continues to Be
Challenged in Managing Its Multi-Billion Dollar Annual Investment in
Large-Scale Systems, [hyperlink,
http://www.gao.gov/products/GAO-09-1002T] (Washington, D.C.: September
15, 2009).
[30] [hyperlink, http://www.gao.gov/products/GAO-09-29].
[31] DHS Office of the Inspector General, Major Management Challenges
Facing the Department of Homeland Security, OIG-09-08 (Washington,
D.C.: November 12, 2008).
[32] [hyperlink, http://www.gao.gov/products/GAO-09-1002T].
[33] A material weakness is a significant deficiency, or a combination
of significant deficiencies, that result in more than a remote
likelihood that a material misstatement of the financial statements
will not be prevented or detected.
[34] DHS Office of the Inspector General, Independent Auditor's Report
on FEMA's FY 2008 Mission Action Plans included in DHS FY 2009 Internal
Control Playbook, OIG-09-76 (Washington, D.C.: June 5, 2009).
[35] DHS Office of the Inspector General, Independent Auditor's Report
on TSA's FY 2008 Mission Action Plans included in the DHS FY 2009
Internal Control Playbook, OIG-09-68 (Washington, D.C.: May 21, 2009).
[36] GAO, Financial Management Systems: DHS Faces Challenges to
Successfully Consolidate its Existing Disparate Systems, [hyperlink,
http://www.gao.gov/products/GAO-10-210T] (Washington, D.C.: October 29,
2009).
[37] DHS, DHS Budget in Brief Fiscal Year 2010 (Washington, D.C.:
2009).
[38] DHS Office of the Inspector General, DHS's Progress in Disaster
Recovery Planning for Information Systems, OIG-09-60 (Washington, D.C.:
April 16, 2009).
[39] [hyperlink, http://www.gao.gov/products/GAO-03-669].
[40] [hyperlink, http://www.gao.gov/products/GAO-03-669]. The two
practices noted here were selected from nine total performance
management practices because they directly related to linkages between
organizational and individual goals and objectives, and to cross-
cutting goals and objectives. Other practices that did not relate
directly to linkages include providing and routinely using performance
information to track organizational priorities, requiring follow-up
actions to address organizational priorities, using competencies to
provide a fuller assessment of performance, linking pay to individual
and organizational performance, making meaningful distinctions in
performance, involving employees and stakeholders to gain ownership of
performance management systems, and maintaining continuity during
transitions.
[41] 6 U.S.C. § 341 (a).
[42] Pub. L. No. 110-53, § 2405. See 6 U.S.C. § 341(c).
[43] [hyperlink, http://www.gao.gov/products/GAO-03-669].
[44] The Management Directorate provides management services to DHS
headquarters directorates and offices, which include the following
organizations: Office of the DHS Secretary, Management Directorate,
Science and Technology Directorate, NPPD, Office of Policy, Office of
General Counsel, Office of Legislative Affairs, Office of Public
Affairs, Office of the Inspector General, Office of Health Affairs,
Intelligence and Analysis Directorate, Office of Operations
Coordination, Citizenship and Immigration Services Ombudsman, Office of
the Chief Privacy Officer, Office of Civil Rights and Civil Liberties,
Office of Counternarcotics Enforcement, Domestic Nuclear Detection
Office, and National Cyber Security Center.
[45] Although the USM conducts the DHS CFO's performance evaluation,
the CFO reports to both the Secretary of Homeland Security and the USM,
as established by the Homeland Security Act of 2002 (6 U.S.C. § 342)
and the Department of Homeland Security Financial Accountability Act
(31 U.S.C. § 901 (b)(1)(G)).
[46] Responsibilities of the component management chiefs may not
correspond directly with responsibilities of the department chiefs in
all management functions.
[47] [hyperlink, http://www.gao.gov/products/GAO-05-139].
[End of section]
GAO's Mission:
The Government Accountability Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in meeting
its constitutional responsibilities and to help improve the performance
and accountability of the federal government for the American people.
GAO examines the use of public funds; evaluates federal programs and
policies; and provides analyses, recommendations, and other assistance
to help Congress make informed oversight, policy, and funding
decisions. GAO's commitment to good government is reflected in its core
values of accountability, integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony:
The fastest and easiest way to obtain copies of GAO documents at no
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each
weekday, GAO posts newly released reports, testimony, and
correspondence on its Web site. To have GAO e-mail you a list of newly
posted products every afternoon, go to [hyperlink, http://www.gao.gov]
and select "E-mail Updates."
Order by Phone:
The price of each GAO publication reflects GAO‘s actual cost of
production and distribution and depends on the number of pages in the
publication and whether the publication is printed in color or black and
white. Pricing and ordering information is posted on GAO‘s Web site,
[hyperlink, http://www.gao.gov/ordering.htm].
Place orders by calling (202) 512-6000, toll free (866) 801-7077, or
TDD (202) 512-2537.
Orders may be paid for using American Express, Discover Card,
MasterCard, Visa, check, or money order. Call for additional
information.
To Report Fraud, Waste, and Abuse in Federal Programs:
Contact:
Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]:
E-mail: fraudnet@gao.gov:
Automated answering system: (800) 424-5454 or (202) 512-7470:
Congressional Relations:
Ralph Dawn, Managing Director, dawnr@gao.gov:
(202) 512-4400:
U.S. Government Accountability Office:
441 G Street NW, Room 7125:
Washington, D.C. 20548:
Public Affairs:
Chuck Young, Managing Director, youngc1@gao.gov:
(202) 512-4800:
U.S. Government Accountability Office:
441 G Street NW, Room 7149:
Washington, D.C. 20548:
