Department of Homeland Security
Progress Made in Implementation and Transformation of Management Functions, but More Work Remains
Gao ID: GAO-10-911T September 30, 2010
Since 2003, GAO has designated implementing and transforming the Department of Homeland Security (DHS) as high risk because DHS had to transform 22 agencies--several with significant management challenges--into one department, and failure to effectively address its mission and management risks could have serious consequences for national and economic security. This high-risk area includes challenges in management functional areas, including acquisition, information technology, financial, and human capital management; the impact of those challenges on mission implementation; and management integration. GAO has reported that DHS's transformation is a significant effort that will take years to achieve. This testimony discusses DHS's progress and actions remaining in (1) implementing its management functions; (2) integrating those functions and strengthening performance measurement; and (3) addressing GAO's high-risk designation. This testimony is based on GAO's prior reports on DHS transformation and management issues and updated information on these issues obtained from December 2009 through September 2010.
DHS has made progress in implementing its management functions, but additional actions are needed to strengthen DHS's efforts in these areas. (1) DHS has revised its acquisition management oversight policies, and its senior-level Acquisition Review Board reviewed 24 major acquisition programs in fiscal years 2008 and 2009. However, more than 40 major programs had not been reviewed, and DHS does not yet have accurate cost estimates for most of its major programs. (2) DHS has undertaken efforts to establish information technology management controls and capabilities, but its progress has been uneven and major information technology programs, such as the SBInet virtual fence, have not met capability, benefit, cost, and schedule expectations. (3) DHS has developed corrective action plans to address its financial management weaknesses. However, DHS has been unable to obtain an unqualified audit opinion on its financial statements, and for fiscal year 2009, the independent auditor identified six material weaknesses in DHS's internal controls. Further, DHS has not yet implemented a consolidated departmentwide financial management system. (4) DHS has issued plans for strategic human capital management and employee development. Further, its scores on the Partnership for Public Service's 2010 rankings of Best Places to Work in the Federal Government improved from prior years, yet DHS was ranked 28 out of 32 agencies on scores for employee satisfaction and commitment. DHS has also taken action to integrate its management functions by, for example, establishing common policies within management functions. The Implementing Recommendations of the 9/11 Commission Act of 2007 required DHS to develop a strategy for management integration. In a 2005 report GAO recommended that a management integration strategy contain priorities and goals. DHS developed an initial plan in February 2010 that identified seven initiatives for achieving management integration. While a step in the right direction, among other things, the plan lacked details on how the initiatives contributed to departmentwide management integration. DHS is working to enhance its management integration plan, which GAO will review as part of the 2011 high-risk update. DHS also has not yet developed performance measures to fully assess its progress in integrating management functions. Since GAO first designated DHS's transformation as high risk, DHS has made progress in transforming into a fully functioning department. However, it has not yet fully addressed its transformation, management, and mission challenges, such as implementing effective management policies and deploying capabilities to secure the border and other sectors. In 2009 GAO reported that DHS had developed a strategy for managing its high-risk areas and corrective action plans to address its management challenges. While these documents identified some root causes and corrective actions, GAO reported that they could be improved by DHS identifying resources needed for implementing corrective actions and measures for assessing progress. This testimony contains no new recommendations. GAO has made over 100 recommendations to DHS since 2003 to strengthen its management and integration efforts. DHS has implemented many of these recommendations and is in the process of implementing others.
GAO-10-911T, Department of Homeland Security: Progress Made in Implementation and Transformation of Management Functions, but More Work Remains
This is the accessible text file for GAO report number GAO-10-911T
entitled 'Department of Homeland Security: Progress Made in
Implementation and Transformation of Management Functions, but More
Work Remains' which was released on September 30, 2010.
This text file was formatted by the U.S. Government Accountability
Office (GAO) to be accessible to users with visual impairments, as
part of a longer term project to improve GAO products' accessibility.
Every attempt has been made to maintain the structural and data
integrity of the original printed product. Accessibility features,
such as text descriptions of tables, consecutively numbered footnotes
placed at the end of the file, and the text of agency comment letters,
are provided but may not exactly duplicate the presentation or format
of the printed version. The portable document format (PDF) file is an
exact electronic replica of the printed version. We welcome your
feedback. Please E-mail your comments regarding the contents or
accessibility features of this document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
Testimony:
Before the Subcommittee on Oversight of Government Management, the
Federal Workforce, and the District of Columbia, Committee on Homeland
Security and Governmental Affairs, U.S. Senate:
United States Government Accountability Office:
GAO:
For Release on Delivery:
Expected at 2:30 p.m. EST:
Thursday, September 30, 2010:
Department of Homeland Security:
Progress Made in Implementation and Transformation of Management
Functions, but More Work Remains:
Statement of Cathleen A. Berrick, Managing Director:
Homeland Security and Justice Issues:
GAO-10-911T:
GAO Highlights:
Highlights of GAO-10-911T, a testimony before the Subcommittee on
Oversight of Government Management, the Federal Workforce, and the
District of Columbia, Committee on Homeland Security and Governmental
Affairs, U.S. Senate.
Why GAO Did This Study:
Since 2003, GAO has designated implementing and transforming the
Department of Homeland Security (DHS) as high risk because DHS had to
transform 22 agencies”-several with significant management challenges”-
into one department, and failure to effectively address its mission
and management risks could have serious consequences for national and
economic security. This high-risk area includes challenges in
management functional areas, including acquisition, information
technology, financial, and human capital management; the impact of
those challenges on mission implementation; and management
integration. GAO has reported that DHS‘s transformation is a
significant effort that will take years to achieve. This testimony
discusses DHS‘s progress and actions remaining in (1) implementing its
management functions; (2) integrating those functions and
strengthening performance measurement; and (3) addressing GAO‘s high-
risk designation. This testimony is based on GAO‘s prior reports on
DHS transformation and management issues and updated information on
these issues obtained from December 2009 through September 2010.
What GAO Found:
DHS has made progress in implementing its management functions, but
additional actions are needed to strengthen DHS‘s efforts in these
areas.
* DHS has revised its acquisition management oversight policies, and
its senior-level Acquisition Review Board reviewed 24 major
acquisition programs in fiscal years 2008 and 2009. However, more than
40 major programs had not been reviewed, and DHS does not yet have
accurate cost estimates for most of its major programs.
* DHS has undertaken efforts to establish information technology
management controls and capabilities, but its progress has been uneven
and major information technology programs, such as the SBInet virtual
fence, have not met capability, benefit, cost, and schedule
expectations.
* DHS has developed corrective action plans to address its financial
management weaknesses. However, DHS has been unable to obtain an
unqualified audit opinion on its financial statements, and for fiscal
year 2009, the independent auditor identified six material weaknesses
in DHS‘s internal controls. Further, DHS has not yet implemented a
consolidated departmentwide financial management system.
* DHS has issued plans for strategic human capital management and
employee development. Further, its scores on the Partnership for
Public Service‘s 2010 rankings of Best Places to Work in the Federal
Government improved from prior years, yet DHS was ranked 28 out of 32
agencies on scores for employee satisfaction and commitment.
DHS has also taken action to integrate its management functions by,
for example, establishing common policies within management functions.
The Implementing Recommendations of the 9/11 Commission Act of 2007
required DHS to develop a strategy for management integration. In a
2005 report GAO recommended that a management integration strategy
contain priorities and goals. DHS developed an initial plan in
February 2010 that identified seven initiatives for achieving
management integration. While a step in the right direction, among
other things, the plan lacked details on how the initiatives
contributed to departmentwide management integration. DHS is working
to enhance its management integration plan, which GAO will review as
part of the 2011 high-risk update. DHS also has not yet developed
performance measures to fully assess its progress in integrating
management functions.
Since GAO first designated DHS‘s transformation as high risk, DHS has
made progress in transforming into a fully functioning department.
However, it has not yet fully addressed its transformation,
management, and mission challenges, such as implementing effective
management policies and deploying capabilities to secure the border
and other sectors. In 2009 GAO reported that DHS had developed a
strategy for managing its high-risk areas and corrective action plans
to address its management challenges. While these documents identified
some root causes and corrective actions, GAO reported that they could
be improved by DHS identifying resources needed for implementing
corrective actions and measures for assessing progress.
What GAO Recommends:
This testimony contains no new recommendations. GAO has made over 100
recommendations to DHS since 2003 to strengthen its management and
integration efforts. DHS has implemented many of these recommendations
and is in the process of implementing others.
View [hyperlink, http://www.gao.gov/products/GAO-10-911T] or key
components. For more information, contact Cathleen A. Berrick at (202)
512-3404 or berrickc@gao.gov.
[End of section]
Mr. Chairman and Members of the Subcommittee:
I appreciate the opportunity to appear today to discuss the Department
of Homeland Security's (DHS) efforts to transform its component
agencies and integrate departmentwide management functions into a
single, fully functioning department. DHS began operations in March
2003 with missions that included preventing terrorist attacks from
occurring within the United States, reducing the nation's
vulnerability to terrorism, minimizing damages from attacks that
occur, and helping the nation recover from any attacks. The creation
of DHS represented one of the largest reorganizations and
consolidations of government agencies, personnel, programs, and
operations in recent history, initially bringing together
approximately 180,000 employees from 22 originating agencies. More
than 7 years later, DHS is now the third largest federal government
department with more than 200,000 employees and an annual budget of
more than $40 billion. DHS has taken a number of actions to transform
its component agencies and integrate and strengthen its management
functions into an effective cabinet-level department. In addition, DHS
has issued various reports and strategic documents to guide the
implementation of its mission and the integration and strengthening of
its management functions, including a revised strategic plan, the
Quadrennial Homeland Security Review Report, and the Bottom-Up Review
Report.[Footnote 1] However, we have continued to report that more
work remains to integrate and strengthen DHS's acquisition,
information technology, financial, and human capital management
functions to better support the department's ability to fulfill its
various missions.[Footnote 2]
In 2003, we designated the implementation and transformation of DHS as
high risk because it represented an enormous and complex undertaking
that would require time to achieve in an effective and efficient
manner, and it has remained on our high-risk list since.[Footnote 3]
We reported that the components that became part of DHS already faced
a wide array of existing challenges, and any failure to effectively
carry out the department's mission would expose the nation to
potentially serious consequences. In designating the implementation
and transformation of DHS as high risk, we noted that building an
effective department would require consistent and sustained leadership
from top management to ensure the transformation of disparate
agencies, programs, and missions into an integrated organization,
among other needs. Our prior work on mergers and acquisitions,
undertaken before the creation of DHS, found that successful
transformations of large organizations, even those faced with less
strenuous reorganizations than DHS, can take years to achieve.
[Footnote 4] We have made over 100 recommendations to DHS over the
past 7 years to strengthen the department's transformation and its
integration and implementation of management functions. DHS has
implemented many of these recommendations and is in the process of
implementing others.
Within the DHS implementation and transformation high risk area, we
identified as at risk the implementation of acquisition, information
technology, financial management, and human capital management
functions; the impact of weaknesses in those management functions on
DHS's accomplishment of its missions, such as DHS's deficiencies in
financial management hindering the department's ability to use
reliable financial data to support day-to-day decision making; and the
integration of management functions within and across the department.
[Footnote 5] In November 2000, we published our criteria for removing
any area from the high-risk list.[Footnote 6] Specifically, agencies
must have (1) a demonstrated strong commitment and top leadership
support to address the risks; (2) the capacity (that is, the people
and other resources) to resolve the risks; (3) a corrective action
plan that identifies the root causes, identifies effective solutions,
and provides for substantially completing corrective measures near
term, including but not limited to, steps necessary to implement
solutions we recommended; (4) a program instituted to monitor and
independently validate the effectiveness and sustainability of
corrective measures; and (5) the ability to demonstrate progress in
implementing corrective measures.
My testimony today discusses DHS's progress and actions remaining in:
* implementing its management functions in the areas of acquisition,
information technology, financial, and human capital management;
* integrating management functions within and across the department
and strengthening the department's performance measures; and:
* addressing our designation of DHS implementation and transformation
as high risk.
My statement is based on our January 2009 high-risk update and GAO
reports on DHS's management areas, management integration, and
performance measurement.[Footnote 7] In addition, we obtained updated
information from DHS from December 2009 through September 2010 on its
transformation and management integration efforts and its plans to
revise its departmentwide performance measures through meetings and
communication with DHS officials, including the former and current
Under Secretary for Management and Deputy Under Secretary for
Management. We also reviewed DHS's initial plan for management
integration. We conducted our work in accordance with generally
accepted government auditing standards. Those standards require that
we plan and perform the audit to obtain sufficient, appropriate
evidence to provide a reasonable basis for our findings and
conclusions based on our audit objectives. We believe that the
evidence obtained provides a reasonable basis for our findings based
on our audit objectives.
In summary, DHS has made progress in implementing its management
functions, but additional actions are needed to strengthen DHS's
efforts in these areas. For example, DHS has revised its oversight
policies for acquisition and information technology management,
developed corrective action plans to address financial management
internal control weaknesses, and developed human capital plans for
strategic human capital management and employee training and
development. However, we identified challenges remaining in DHS's
management areas. For example, while DHS reviewed 24 major acquisition
programs through its Acquisition Review Board in fiscal years 2008 and
2009, more than 40 major programs had not been reviewed, and DHS does
not yet have accurate cost estimates for most of its major programs.
[Footnote 8] While DHS has made progress in strengthening its
enterprise architecture, the department has not yet adequately
addressed how it determines that its information technology
investments align with that architecture.[Footnote 9] DHS has also not
yet implemented a consolidated departmentwide financial management
system and, since its establishment, has been unable to obtain an
unqualified audit opinion on its financial statements. DHS has also
faced challenges in identifying and addressing barriers to equal
employment opportunities and improving its foreign language
capabilities. DHS has taken action to integrate its management
functions by, for example, establishing common policies, procedures,
and systems within individual management functions, such as human
capital management. The Implementing Recommendations of the 9/11
Commission Act of 2007 (9/11 Commission Act) required DHS to develop a
strategy for management integration, and in a 2005 report GAO
recommended that a management integration strategy contain such
elements such as priorities and implementation goals.[Footnote 10] DHS
developed an initial plan in February 2010 that identified seven
initiatives for achieving management integration. While a step in the
right direction, among other things, we noted that the plan lacked
details on how the initiatives contributed to departmentwide
management integration and linked to the department's overall strategy
for transformation. DHS is revising the initial management integration
plan and is working to enhance it to include a framework for
strengthening acquisition management. We will review DHS's revised
management integration plan as part of our 2011 high-risk update. In
addition, since we first designated the implementation and
transformation of DHS as high risk, the department has made progress
in addressing the criteria GAO established in 2000 for removing
agencies from the high-risk list. Specifically, DHS has developed a
strategy for managing its high-risk area and corrective action plans
to address challenges in each of its management areas. The strategy
and plans addressed several of the high-risk criteria, such as
identifying some of the root causes of problems and corrective actions
to address the causes, but did not address other elements, such as the
resources needed to implement corrective actions and measures to
assess implementation efforts.
In order to address the high-risk designation, DHS needs to meet our
five high-risk criteria and, within the context of these criteria,
address specific actions and outcomes within its management areas and
management integration and demonstrate measurable, sustainable
progress in implementing those actions. These actions and outcomes
include validating required acquisition documents at each major
milestone in the acquisition review process, implementing information
technology investment management practices that have been
independently assessed as having satisfied the capabilities associated
with stage three of our Information Technology Investment Management
Framework, and linking workforce planning efforts to strategic and
program-specific planning efforts to identify current and future human
capital needs, among others.[Footnote 11]
DHS Has Made Progress in Implementing Its Management Functions, but
Additional Actions Are Needed to Strengthen These Functions:
DHS has made progress in implementing its acquisition, information
technology, financial, and human capital management functions, but
continues to face obstacles and weaknesses in these functions that
could hinder the department's transformation and implementation
efforts. For example, DHS has faced challenges in implementing
acquisition management controls, a consolidated financial management
system, and a strategic human capital plan, among other things. As DHS
continues to mature as an organization, it will be important that the
department continue to work to strengthen its management functions
since the effectiveness of these functions affects its ability to
fulfill its homeland security and other missions.
Acquisition management. While DHS has made recent progress in
clarifying acquisition oversight processes, it continues to face
obstacles in managing its acquisitions and ensuring proper
implementation and departmentwide coordination. We previously reported
that DHS faced challenges in acquisition management related to
acquisition oversight, cost growth, and schedule delays.[Footnote 12]
In June 2010, we reported that DHS continued to develop its
acquisition oversight function and had begun to implement a revised
acquisition management directive that includes more detailed guidance
for programs to use when informing component and departmental decision
making.[Footnote 13] We also reported that the senior-level
Acquisition Review Board had begun to meet more frequently and
provided programs decision memorandums with action items to improve
performance. However, while the Acquisition Review Board reviewed 24
major acquisition programs in fiscal years 2008 and 2009, more than 40
major acquisition programs had not been reviewed, and programs had not
consistently implemented review action items identified as part of the
review by established deadlines. DHS acquisition oversight officials
raised concerns about the accuracy of cost estimates for some of its
major programs, making it difficult to assess the significance of the
cost growth we identified. In addition, over half of the programs we
reviewed awarded contracts to initiate acquisition activities without
component or department approval of documents essential to planning
acquisitions, setting operational requirements, and establishing
acquisition program baselines. Programs also experienced other
acquisition planning challenges, such as staffing shortages and lack
of sustainment. For example, we reported that the U.S. Visitor and
Immigrant Status Indicator Technology (US-VISIT) did not sufficiently
define what capabilities and benefits would be delivered, by when, and
at what cost, which contributed to development and deployment delays.
In addition, we reported that three Coast Guard programs we reviewed--
Maritime Patrol Aircraft, Response Boat-Medium, and Sentinel--reported
placing orders for or receiving significant numbers of units prior to
completing testing to demonstrate that what the programs were buying
met Coast Guard needs. Our prior work has found that resolution of
problems discovered during testing can sometimes require costly
redesign or rework.[Footnote 14]
We have made a number of recommendations to DHS to strengthen its
acquisition management functions, such as (1) reinstating the Joint
Requirements Council--the department's requirements review body--or
establishing another departmental joint requirements oversight board
to review and approve acquisition requirements and assess potential
duplication of effort; (2) ensuring that budget decisions are informed
by the results of investment reviews; (3) identifying and aligning
sufficient management resources to implement oversight reviews
throughout the investment life cycle; and (4) ensuring major
investments comply with established component and departmental review
policy standards. DHS generally concurred with these recommendations
and reported taking action to begin to address some of them, including
developing the Next Generation Periodic Reporting System to capture
and track key program information, and monitoring cost and schedule
performance, contract awards and program risks.
Based on our work on DHS's acquisition management, we have identified
specific actions and outcomes that we believe the department needs to
achieve to address its acquisition management challenges. We believe
that these actions and outcomes are critical to addressing the
underlying root causes that have resulted in the high-risk
designation. In particular, DHS should demonstrate and sustain
effective execution of a knowledge-based acquisition process for new
and legacy acquisition programs by, among other things, (1) validating
required acquisition documents in a timely manner at each major
milestone; (2) establishing and operating a Joint Requirements
Council, or a similar body, to review and validate acquisition
programs' requirements; (3) ensuring sufficient numbers of trained
acquisition personnel at the department and component levels; and (4)
establishing and demonstrating measurable progress in achieving goals
that improve acquisition programs' compliance with departmental
policies.
Information technology management. DHS has undertaken efforts to
establish information technology management controls and capabilities,
but in September 2009 we reported that DHS had made uneven progress in
its information technology management efforts to institutionalize a
framework of interrelated management controls and capabilities.
[Footnote 15] For example, DHS had continued to issue annual updates
to its enterprise architecture that added previously missing scope and
depth, and further improvements were planned to incorporate the level
of content, referred to as segment architectures, needed to
effectively introduce new systems and modify existing ones. Also, we
reported that DHS had redefined its acquisition and investment
management policies, practices, and structures, including establishing
a system life cycle management methodology, and it had increased its
acquisition workforce.[Footnote 16] Nevertheless, challenges remain
relative to, for example, implementing the department's plan for
strengthening its information technology human capital and fully
defining key system investment and acquisition management policies and
procedures for information technology. Moreover, the extent to which
DHS had actually implemented these investment and acquisition
management policies and practices on major information technology
programs had been inconsistent. For example, our work showed that
major information technology acquisition programs had not been
subjected to executive-level acquisition and investment management
reviews. As a result, we reported that major information technology
programs aimed at delivering important mission capabilities, such as
the Rescue 21 search and rescue system and the Secure Border
Initiative Network (SBInet) virtual border fence, had not lived up to
their capability, benefit, cost, and schedule expectations because of,
for example, deficiencies in development and testing, and lack of risk
management processes and key practices for developing reliable cost
and schedule estimates.[Footnote 17] We have made a range of
recommendations to strengthen DHS information technology management,
such as establishing procedures for implementing project-specific
investment management policies, and policies and procedures for
portfolio-based investment management. We reported that while DHS and
its components have made progress, more needs to be done before DHS
can ensure that all system acquisitions are managed with the necessary
rigor and discipline.
Based on our work, we have identified actions and outcomes that we
believe would help the department address challenges in information
technology management that have contributed to our designation of DHS
implementation and transformation as high risk. For example, DHS
should, among other things, demonstrate measurable progress in
implementing its information technology human capital plan and
accomplishing defined outcomes, including ensuring that each system
acquisition program office is sufficiently staffed. DHS should also
establish and implement information technology investment management
practices that have been independently assessed as having satisfied
the capabilities associated with stage three of our Information
Technology Investment Management Framework.[Footnote 18] In addition,
the department should establish enhanced security of the department's
internal information technology systems and networks.
Financial management. DHS has made progress in addressing its
financial management and internal controls weaknesses, but has not yet
addressed all of them or developed a consolidated departmentwide
financial management system. Since its establishment, DHS has been
unable to obtain an unqualified audit opinion on its financial
statements (i.e., prepare a set of financial statements that are
considered reliable). For fiscal year 2009, the independent auditor
issued a disclaimer on DHS's financial statements and identified eight
deficiencies in DHS's internal control over financial reporting, six
of which were so significant that they qualified as material
weaknesses.[Footnote 19] Until these weaknesses are resolved, DHS will
not be in position to provide reliable, timely, and useful financial
data to support day-to-day decision making. DHS has taken steps to
prepare and implement corrective action plans for its internal control
weaknesses through the Internal Control Playbook, DHS's annual plan to
design and implement departmentwide internal controls.
In addition, in June 2007 and December 2009 we reported on DHS's
progress in developing a consolidated financial management system,
called the Transformation and Systems Consolidation (TASC) program,
and made a number of recommendations to help DHS address challenges
affecting the departmentwide financial management integration.
[Footnote 20] In June 2007, we reported that DHS had made limited
progress in integrating its existing financial management systems, and
we made six recommendations focused on the need for DHS to define a
departmentwide strategy and embrace disciplined processes necessary to
properly manage the specific projects.[Footnote 21] We followed up on
these recommendation in our December 2009 report and found that DHS
had begun to take actions to implement four of our six 2007
recommendations but had not yet fully implemented any of them.
Specifically, DHS had made progress in (1) defining its financial
management strategy and plan, (2) developing a comprehensive concept
of operations, (3) incorporating disciplined processes, and (4)
implementing key human capital practices and plans for such a systems
implementation effort. However, DHS had not yet taken the necessary
actions to standardize and reengineer business processes across the
department, including applicable internal controls, and to develop
detailed consolidation and migration plans. While some of the details
of the department's standardization of business processes and
migration plans depend on the selected new financial management
system, DHS would benefit from performing a gap analysis and
identifying all of its affected current business processes so that DHS
can analyze how closely the proposed system will meet the department's
needs. In addition, we reported that DHS's reliance on contractors to
define and implement the new financial management system, without the
necessary oversight mechanisms to ensure that the processes were
properly defined and effectively implemented, could result in system
efforts plagued with serious performance and management problems. We
reported that these issues placed DHS at risk for implementing a
financial management system that does not meet cost, schedule, and
performance goals. We recommended that DHS establish contractor
oversight mechanisms to monitor the TASC program; expedite the
completion of the development of the TASC financial management
strategy and plan so that the department is well positioned to move
forward with an integrated solution; and develop a human capital plan
for the TASC program that identifies needed skills for the acquisition
and implementation of the new system. DHS agreed with our
recommendations and described actions it had taken and planned to take
to address them, noting, for example, the importance of being vigilant
in its oversight of the program.
Based on our work on DHS's financial management we have identified
specific actions and outcomes that we believe the department needs to
address to resolve its financial management challenges. Among other
things, DHS should develop and implement a corrective action plan with
specific milestones and accountable officials to address the
weaknesses in systems, internal control, and business processes that
impede the department's ability to integrate and transform its
financial management. DHS should also sustain clean opinions on its
departmentwide financial statements, adhere to financial system
requirements in accordance with the Federal Financial Management
Improvement Act of 1996,[Footnote 22] and have independent auditors
report annually on compliance with the act. [Footnote 23] In addition,
DHS should establish contractor oversight mechanisms to monitor the
contractor selected to implement TASC and successfully deploy TASC to
the majority of DHS's components, such as the Coast Guard, the Federal
Emergency Management Agency, and the Transportation Security
Administration.
Human capital management. DHS has issued various strategies and plans
for its human capital activities and functions, such as a human
capital strategic plan for fiscal years 2009-2013 that identifies four
strategic goals for the department related to talent acquisition and
retention; diversity; employee learning and development; and policies,
programs, and practices.[Footnote 24] DHS is planning to issue an
updated strategic human capital plan in the coming months. While these
initiatives are promising, DHS has faced challenges in implementing
its human capital functions. For example, our prior work suggests that
successful organizations empower and involve their employees to gain
insights about operations from a frontline perspective, increase their
understanding and acceptance of organizational goals and objectives,
and improve motivation and morale.[Footnote 25] DHS's scores on the
2008 Office of Personnel Management's Federal Human Capital Survey--a
tool that measures employees' perceptions of whether and to what
extent conditions characterizing successful organizations are present
in their agency--and the Partnership for Public Service's 2010
rankings of the Best Places to Work in the Federal Government improved
from prior years. However, in the 2008 survey, DHS's percentage of
positive responses was 52 percent for the leadership and knowledge
management index, 46 percent for the results-oriented performance
culture index, 53 percent for the talent management index, and 63
percent for the job satisfaction index.[Footnote 26] In addition, in
2010, DHS was ranked 28 out of 32 agencies in the Best Places to Work
ranking on overall scores for employee satisfaction and commitment.
[Footnote 27]
In addition, our prior work has identified several workforce barriers
to achieving equal employment opportunities and the identification of
foreign language needs and capabilities at DHS. In August 2009 we
reported that DHS had developed a diversity council, among other
initiatives, but that DHS had generally relied on workforce data and
had not regularly included employee input from available sources to
identify triggers to barriers to equal employment opportunities, such
as promotion and separation rates.[Footnote 28] We also reported that,
according to DHS, it had created planned activities to address these
barriers, but modified target completion dates by up to 21 months and
had not completed any planned activities due to staffing shortages. In
June 2010 we reported on DHS's foreign language capabilities, noting
that DHS has taken limited actions to assess its foreign language
needs and existing capabilities and to identify potential shortfalls.
[Footnote 29] Assessing hiring needs is crucial in achieving a range
of component and departmentwide missions. As just one example,
employees with documented proficiency in a variety of languages can
contribute to U.S. Immigration and Customs Enforcement's intelligence
and direct law enforcement operations, but staff with these
capabilities are not systematically identified.
We have made several recommendations to help DHS address weaknesses
concerning equal employment opportunity and assessments of foreign
language needs and capabilities within human capital management. For
example, we recommended that DHS identify timelines and critical
phases along with interim milestones as well as incorporate employee
input in identifying potential barriers to equal employment
opportunities. DHS concurred with our recommendations and reported
taking action to address them, such as revising plans to identify
steps and milestones for departmental activities to address barriers
to equal employment opportunities, and developing a strategy for
obtaining departmentwide employee input. We also recommended that DHS
comprehensively assess its foreign language needs and capabilities and
identify potential shortfalls. DHS concurred with our recommendations
and reported taking actions to address them, such as developing a task
force consisting of DHS components and offices that have language
needs in order to identify requirements and assess the necessary
skills.
Based on our work on human capital management at the department, we
have identified various actions and outcomes for DHS to achieve to
address those human capital management challenges that have
contributed to our designation of DHS implementation and
transformation as high risk. The department should, among other
things, develop and implement a results-oriented strategic human
capital plan that identifies the department's goals, objectives, and
performance measures for strategic human capital management and that
is linked to the department's overall strategic plan. DHS also needs
to link workforce planning efforts to strategic and program-specific
planning efforts to identify current and future human capital needs,
and improve DHS's scores on the Federal Employee Viewpoint Survey.
[Footnote 30] In addition, DHS should develop and implement mechanisms
to assess and provide opportunities for employee education and
training, and develop and implement a recruiting and hiring strategy
that is targeted to fill specific needs.
DHS Has Taken Action to Integrate Its Management Functions and Develop
Performance Measures, but Could Strengthen Its Integration and
Performance Measurement Efforts:
DHS has taken actions to integrate its management functions and to
strengthen its performance measures to assess progress in implementing
these functions, but the department has faced challenges in these
efforts. We have reported that while it is important that DHS continue
to work to implement and strengthen its management functions, it is
equally important that DHS address management integration and
performance measurement from a comprehensive, departmentwide
perspective to help ensure that the department has the structure,
processes, and accountability mechanisms in place to effectively
monitor the progress made to address the threats and vulnerabilities
that face the nation.[Footnote 31] Management integration and
performance measurement are critical to the successful implementation
and transformation of the department.
Management integration. DHS has put in place common policies,
procedures, and systems within individual management functions, such
as human capital, that help to vertically integrate its component
agencies.[Footnote 32] However, DHS has placed less emphasis on
integrating horizontally, and bringing together its management
functions across the department through consolidated management
processes and systems.[Footnote 33] In November 2009, we reported that
DHS had not yet developed a strategy for management integration as
required by the 9/11 Commission Act and with the characteristics we
recommended in our 2005 report.[Footnote 34] Specifically, we
recommended that the strategy (1) look across the initiatives within
each of the management functional units, (2) clearly identify the
critical links that must occur among these initiatives, (3) identify
tradeoffs and set priorities, (4) set implementation goals and a time
line to monitor the progress of these initiatives to ensure the
necessary links occur when needed, and (5) identify potential
efficiencies, and ensure that they are achieved. In the absence of a
management integration strategy, DHS officials stated that documents
such as management directives and strategic plans addressed aspects of
a management integration strategy and could help the department to
manage its integration efforts. However, we reported that without a
documented management integration strategy, it was difficult for DHS,
Congress, and other key stakeholders to understand and monitor the
critical linkages and prioritization among these various efforts. We
also reported that while DHS increased the number of performance
measures for its Management Directorate, it had not yet established
measures for assessing management integration across the department.
We reported that without these measures DHS could not assess its
progress in implementing and achieving management integration. We
recommended that once a management integration strategy was developed,
DHS establish performance measures for assessing management
integration. DHS stated that the department was taking actions to
address our recommendation.
Since our November 2009 report, DHS has taken action to develop a
management integration strategy. Specifically, DHS developed and
provided us with an initial management integration plan in February
2010. The initial plan identified seven priority initiatives for
achieving management integration:
* Enterprise governance. A governance model that would allow DHS to
implement mechanisms for integrated management of DHS programs as
parts of broader portfolios of related activities.
* Balanced workforce strategy. Workforce planning efforts to identify
the proper balance of federal employees and private labor resources to
achieve the department's mission.
* TASC. DHS initiative to consolidate financial, acquisition, and
asset management systems, establish a single line of accounting, and
standardize business processes.
* DHS headquarters consolidation. The collocation of the department by
combining existing department and component leases and building out
St. Elizabeths campus in Washington, D.C.
* Human resources information technology. Initiative to consolidate,
replace, and modernize existing departmental and component payroll and
personnel systems.
* Data center migration. Initiative to move DHS component agencies'
data systems from the agencies' multiple existing data centers to two
DHS consolidated centers.
* Homeland Security Presidential Directive 12 personal identification
verification cards deployment. Provision of cards to DHS employees and
contractors for use to access secure facilities, communications, and
data.
This initial management integration plan contained individual action
plans for each of the seven initiatives. In March 2010, we met with
DHS officials and provided oral and written feedback on the initial
plan. We noted that, for example:
* the action plans lacked details on how the seven initiatives
contribute to departmentwide management integration and links to the
department's overall strategy for transformation;
* the performance measures contained in the plans did not identify
units of measure, baseline measurements, or target metrics that would
be used to measure progress;
* the impediments and barriers described in the plans did not align
with identified risks and the strategies for addressing these
impediments and barriers; and:
* the plans did not identify planned resources for carrying out these
initiatives.
DHS officials told us the department is working to enhance its initial
management integration plan to include a framework for strengthening
the department's acquisition management. We plan to review the changes
DHS is making to the initial management integration plan as part of
our work for the 2011 high-risk update.
Based on our work and recommendations on management integration, we
have identified specific actions and outcomes for DHS that we believe
will help the department address those management integration
challenges that contributed to our designation of DHS implementation
and transformation as high risk. Specifically, we believe that
addressing these actions and outcomes within the individual management
functional areas of acquisition, information technology, financial,
and human capital management would help DHS to integrate those
functions. For example, to successfully implement the TASC program,
the Chief Financial Officer would need to work with the Chief
Procurement Officer to establish effective mechanisms for overseeing
the contractor selected to implement the TASC program; the Chief
Information Officer to ensure that data conversions and system
interfaces occur when required; and the Chief Human Capital Officer to
ensure that relevant personnel at the department and component levels
are trained on use of the TASC program once the system is implemented.
In addition, DHS should revise its strategy for management integration
to address the characteristics for such a strategy that we recommended
in 2005.
Performance measurement. DHS has not yet fully developed performance
measures or put into place structures and processes to help ensure
that the agency is managing for results. Performance measurement
underpins DHS's efforts to assess progress in strengthening programs
and operations and in implementing corrective actions to integrate and
strengthen management functions. DHS has developed performance goals
and measures for its programs and reports on these goals and measures
in its Annual Performance Report. However, DHS's offices and
components have not yet developed outcome-based performance measures
to monitor, assess, and independently evaluate the effectiveness of
their plans and performance.[Footnote 35] We have reported that the
lack of outcome goals and measures hinders the department's ability to
effectively assess the results of program efforts and whether the
department is using its resources efficiently.[Footnote 36]
Over the past 2 years, we have worked with DHS to provide feedback on
the department's Government Performance and Results Act (GPRA)
performance goals and measures through meetings with officials from
the department and its offices and components.[Footnote 37] Our
feedback has ranged from pointing out components' limited use of
outcome-oriented performance measures to assess the results or
effectiveness of programs to raising questions about the steps taken
by DHS or its components to ensure the reliability and verification of
performance data. In response to this feedback and its own internal
review efforts, DHS took action to develop and revise its GPRA
performance goals and measures for some areas in an effort to
strengthen its ability to assess its outcomes and progress in key
management and mission areas. For example, from fiscal year 2008 to
2009, DHS reported adding 58 new measures, retiring 18 measures, and
making description improvements to 67 existing performance measures.
From fiscal year 2009 to 2010, DHS reported adding 32 new performance
measures, retiring 24 measures, and making description improvements to
37 existing performance measures. DHS is continuing to work on
developing and revising its performance measures to improve its focus
on assessing results and outcomes and to align its measures to the
goals and objectives established by the Quadrennial Homeland Security
Review. In August and September 2010, we provided feedback on the
department's proposals for outcome-oriented performance measures
aligned with the Quadrennial Homeland Security Review's goals and
objectives. We look forward to continuing working with the department
to provide feedback to help strengthen its ability to assess the
outcomes of its efforts.
DHS Has Taken Actions to Transform into an Integrated Department, but
Has Not Yet Fully Addressed Its Transformation Challenges:
Since we first designated the implementation and transformation of DHS
as high risk in 2003, the department has made progress in its
transformation efforts in relation to the five criteria we established
in November 2000 for removing agencies from the high-risk list, but
has not yet fully addressed its transformation, management, and
mission challenges, such as implementing effective management policies
and deploying capabilities to secure the border and other sectors. In
January 2009, we reported that DHS had developed its Integrated
Strategy for High Risk Management outlining the department's overall
approach for managing its high-risk areas and the department's
processes for assessing risks and proposing initiatives and corrective
actions to address its risks and challenges.[Footnote 38] We also
reported that DHS had developed corrective action plans to address
challenges in the areas of acquisition, financial, human capital, and
information technology management. The corrective action plans
addressed some, but not all, of the factors we consider in determining
whether agencies can be removed from our high-risk list. Specifically,
the strategy and corrective action plans identified senior officials
with the responsibility for managing DHS's transformation high-risk
area and for implementing the corrective action plans. The strategy
and plans defined some root causes for problems within management
areas, identified initiatives and corrective actions to address the
causes, and established milestones for completing initiatives and
actions, though we noted that these elements could have been better
defined to, for example, more clearly address the management
challenges we have identified. The strategy also included a framework
for DHS to monitor the implementation of its corrective action plans
primarily through various departmentwide committees:
However, we reported that the strategy and corrective action plans did
not contain measures to gauge the department's progress and
performance in implementing corrective actions, or identify the
resources needed by DHS for carrying out the corrective actions
identified. The strategy and corrective actions plans consistently
cited limited resources as a challenge or constraint in implementing
corrective actions. Further, we reported that required elements in the
strategy and corrective action plans could be strengthened or
clarified, including linking initiatives and corrective actions in the
corrective action plans to root causes and milestones. In addition, we
reported that while DHS had developed a framework for monitoring
progress, the department had just begun to implement its corrective
action plans. We recommended that for DHS to successfully transform
into a more effective organization, it needed to (1) revise its
Integrated Strategy for High Risk Management and related corrective
action plans to better define root causes, include resources required
to implement corrective actions, and identify key performance measures
to gauge progress; and (2) continue to identify, refine, and implement
corrective actions to improve management functions and address
challenges. We have identified and communicated to DHS specific
actions and outcomes that we believe the department needs to address
within each of its management areas and for management integration. We
believe that these actions and outcomes will help DHS address our high-
risk criteria by, among other things, identifying root causes for
problems within each management area, developing and implementing
corrective actions to address those root causes, and demonstrating
measurable, sustainable progress in implementing the correction
actions.
Since our 2009 high-risk update, DHS has taken actions to address the
high-risk designation. For example, DHS and GAO have held regular,
joint meetings, including periodic meetings that also involve Office
of Management and Budget officials, to discuss the department's
progress in addressing the high risk designation and its overall
transformation efforts. DHS and GAO have also discussed the
department's planned revisions to its Integrated Strategy for High
Risk Management and corrective action plans for its management areas.
However, as of September 2010, DHS has not yet provided us with an
updated strategy or corrective actions plans to address the high-risk
designation, as promised. DHS officials told us that the department is
currently revising its strategy and will provide us with the updated
strategy in the coming months. We will continue to assess DHS's
implementation and transformation efforts, including any updated
strategy and corrective action plans, as part of our work for the 2011
high-risk update, which we plan to issue in January 2011.
This concludes my prepared testimony. I would be happy to respond to
any questions that members of the Subcommittee may have.
Contacts and Acknowledgments:
For questions regarding this testimony, please contact Cathleen A.
Berrick, Managing Director, Homeland Security and Justice at (202) 512-
3404 or berrickc@gao.gov, or David C. Maurer, Director, Homeland
Security and Justice at (202) 512-9627 or maurerd@gao.gov. Contact
points for our Offices of Congressional Relations and Public Affairs
may be found on the last page of this testimony. Other key
contributors to this statement were Rebecca Gambler, Assistant
Director; Minty Abraham; Labony Chakraborty; Tara Jayant; Thomas
Lombardi; Emily Suarez-Harris; and Juan Tapia-Videla.
[End of section]
Related GAO Products:
Department of Homeland Security: Assessments of Selected Complex
Acquisitions, [hyperlink, http://www.gao.gov/products/GAO-10-588SP]
(Washington, D.C.: June 30, 2010).
Department of Homeland Security: DHS Needs to Comprehensively Assess
Its Foreign Language Needs and Capabilities and Identify Shortfalls,
[hyperlink, http://www.gao.gov/products/GAO-10-714] (Washington, D.C.:
June 22, 2010).
Department of Homeland Security: A Comprehensive Strategy Is Still
Needed to Achieve Management Integration Departmentwide, [hyperlink,
http://www.gao.gov/products/GAO-10-318T] (Washington, D.C.: Dec. 15,
2009).
Financial Management Systems: DHS Faces Challenges to Successfully
Consolidating Its Existing Disparate Systems, [hyperlink,
http://www.gao.gov/products/GAO-10-76] (Washington, D.C.: December 4,
2009).
Department of Homeland Security: Actions Taken Toward Management
Integration, but a Comprehensive Strategy Is Still Needed, [hyperlink,
http://www.gao.gov/products/GAO-10-131] (Washington, D.C.: November
20, 2009).
Homeland Security: Despite Progress, DHS Continues to Be Challenge in
Managing Its Multi-Billion Dollar Investment and Large-Scale
Information Technology Systems, [hyperlink,
http://www.gao.gov/products/GAO-09-1002T] (Washington, D.C.: September
15, 2009).
Equal Opportunity Employment: DHS Has Opportunities to Better Identify
and Address Barriers to EEO in Its Workforce, [hyperlink,
http://www.gao.gov/products/GAO-09-639] (Washington, D.C.: August 31,
2009).
High-Risk Series: An Update, [hyperlink,
http://www.gao.gov/products/GAO-09-271] (Washington, D.C.: January
2009).
Department of Homeland Security: Progress Made in Implementation of
Management Functions, but More Work Remains, [hyperlink,
http://www.gao.gov/products/GAO-08-646T] (Washington, D.C.: April 9,
2008).
Department of Homeland Security: Progress Report on Implementation of
Mission and Management Functions, [hyperlink,
http://www.gao.gov/products/GAO-07-454] (Washington, D.C.: August 17,
2007).
Homeland Security: Departmentwide Integrated Financial Management
Systems Remain a Challenge, [hyperlink,
http://www.gao.gov/products/GAO-07-536] (Washington, D.C.: June 21,
2007).
Department of Homeland Security: A Comprehensive and Sustained
Approach Needed to Achieve Management Integration, [hyperlink,
http://www.gao.gov/products/GAO-05-139] (Washington, D.C.: March 16,
2005).
Results-Oriented Cultures: Implementation Steps to Assist Mergers and
Organizational Transformations, [hyperlink,
http://www.gao.gov/products/GAO-03-669] (Washington, D.C.: July 2,
2003).
Determining Performance and Accountability Challenges and High Risks,
[hyperlink, http://www.gao.gov/products/GAO-01-159SP] (Washington,
D.C. November 2000).
[End of section]
Footnotes:
[1] Department of Homeland Security, One Team, One Mission, Securing
Our Homeland: U.S. Department of Homeland Security Strategic Plan,
Fiscal Years 2008-2013 (Washington, D.C.); Department of Homeland
Security, Quadrennial Homeland Security Review Report: A Strategic
Framework for a Secure Homeland (Washington, D.C., February 2010); and
Department of Homeland Security, Bottom-Up Review Report (Washington,
D.C., July 2010). We are currently assessing DHS's Quadrennial
Homeland Security Review and will report on the results of that work
later this year.
[2] GAO, Department of Homeland Security: Progress Made in
Implementation of Management Functions, but More Work Remains,
[hyperlink, http://www.gao.gov/products/GAO-08-646T] (Washington,
D.C.: Apr. 9, 2008).
[3] We have identified six high-risk areas involving DHS that need
broad-based transformation to address major economy, efficiency, or
effectiveness challenges. Among the six areas that we have designated
as high risk, there are four in which DHS has primary responsibility:
(1) Implementing and Transforming the Department of Homeland Security;
(2) the National Flood Insurance Program; (3) Protecting the Federal
Government's Information Systems and the Nation's Critical
Infrastructure; and (4) Establishing Effective Mechanisms for Sharing
Terrorism-Related Information to Protect the Homeland. The other two
areas, Strategic Human Capital Management and Managing Federal Real
Property, are governmentwide areas for which DHS does not have overall
leadership responsibilities. GAO High-Risk Series: An Update,
[hyperlink, http://www.gao.gov/products/GAO-09-271] (Washington, D.C.:
Jan. 2009); High-Risk Series: An Update, [hyperlink,
http://www.gao.gov/products/GAO-07-310] (Washington, D.C.: Jan. 2007);
High-Risk Series: An Update, [hyperlink,
http://www.gao.gov/products/GAO-05-207] (Washington, D.C.: Jan. 2005);
and High-Risk Series: An Update, [hyperlink,
http://www.gao.gov/products/GAO-03-119] (Washington, D.C.: Jan. 2003).
[4] [hyperlink, http://www.gao.gov/products/GAO-08-646T].
[5] We define management integration as the development of consistent
and consolidated processes, systems, and people--in areas such as
information technology, financial management, procurement, and human
capital--as well as in its security and administrative services, for
greater efficiency and effectiveness.
[6] [hyperlink, http://www.gao.gov/products/GAO-09-271] and GAO,
Determining Performance and Accountability Challenges and High Risks,
[hyperlink, http://www.gao.gov/products/GAO-01-159SP] (Washington,
D.C.: November 2000).
[7] [hyperlink, http://www.gao.gov/products/GAO-09-271]. See also the
related GAO products list at the end of this statement.
[8] The Acquisition Review Board reviews DHS acquisitions for
executable business strategy, resources, management, accountability,
and alignment to strategic initiatives. It also approves acquisitions
to proceed to their next acquisition lifecycle phases upon
satisfaction of applicable criteria.
[9] An enterprise architecture is a departmentwide operational and
technological blueprint to guide and constrain acquisitions.
[10] See Pub. L. No. 110-53, § 2405(a)(3), 121 Stat. 266, 548 ( 2007)
(codified at 6 U.S.C. § 341(a)(9), and GAO, Department of Homeland
Security: A Comprehensive and Sustained Approach Needed to Achieve
Management Integration, [hyperlink,
http://www.gao.gov/products/GAO-05-139] (Washington, D.C.: Mar. 16,
2005).
[11] GAO, Homeland Security: Despite Progress, DHS Continues to Be
Challenged in Managing Its Multi-Billion Dollar Annual Investment in
Large-Scale Information Technology Systems, [hyperlink,
http://www.gao.gov/products/GAO-09-1002T] (Washington, D.C.: Sept. 15,
2009); and Information Technology Investment Management: A Framework
for Assessing and Improving Process Maturity, version 1.1, [hyperlink,
http://www.gao.gov/products/GAO-04-394G] (Washington, D.C.: March
2004). GAO's Information Technology Investment Management Framework
provides a method for evaluating and assessing an organization's
institutional capacity for selecting and managing its information
technology investments. At maturity stage three of this framework,
organizations have in place capabilities that assist in establishing
selection, control, and evaluation structures, policies, procedures,
and practices that are required by the investment management
provisions of the Clinger-Cohen Act of 1996.
[12] GAO, Department of Homeland Security: Billions Invested in Major
Programs Lack Appropriate Oversight, [hyperlink,
http://www.gao.gov/products/GAO-09-29] (Washington, D.C.: Nov. 18,
2008), and Department of Homeland Security: Better Planning and
Assessment Needed to Improve Outcomes for Complex Service
Acquisitions, [hyperlink, http://www.gao.gov/products/GAO-08-263]
(Washington, D.C.: Apr. 22, 2008).
[13] GAO, Department of Homeland Security: Assessments of Selected
Complex Acquisitions, [hyperlink,
http://www.gao.gov/products/GAO-10-588SP] (Washington, D.C.: June 30,
2010).
[14] See, for example, GAO, Best Practices: High Levels of Knowledge
at Key Points Differentiate Commercial Shipbuilding from Navy
Shipbuilding, [hyperlink, http://www.gao.gov/products/GAO-09-322]
(Washington, D.C.: May 13, 2009); Joint Strike Fighter: Significant
Challenges and Decisions Ahead, [hyperlink,
http://www.gao.gov/products/GAO-10-478T] (Washington, D.C.: Mar. 24,
2010); and Uncertainties Remain Concerning the Airborne Laser's Cost
and Military Utility, [hyperlink,
http://www.gao.gov/products/GAO-04-643R] (Washington, D.C.: May 17,
2004); and [hyperlink, http://www.gao.gov/products/GAO-10-588SP].
[15] [hyperlink, http://www.gao.gov/products/GAO-09-1002T].
[16] A system life cycle management process normally begins with
initial concept development and continues through requirements
definition to design, development, various phases of testing,
implementation, and maintenance.
[17] Rescue 21 is a Coast Guard program to modernize a 30-year-old
search and rescue communications system used for missions 20 miles or
less from shore, referred to as the National Distress and Response
System. SBInet is the technology component of a U.S. Customs and
Border Protection program known as the Secure Border Initiative, which
is to help secure the nation's borders and reduce illegal immigration
through physical infrastructure (e.g., fencing), surveillance systems,
and command, control, communications, and intelligence technologies.
[18] [hyperlink, http://www.gao.gov/products/GAO-09-1002T] and
[hyperlink, http://www.gao.gov/products/GAO-04-394G].
[19] A material weakness is a significant deficiency, or a combination
of significant deficiencies, that result in more than a remote
likelihood that a material misstatement of the financial statements
will not be prevented or detected. A significant deficiency is a
control deficiency, or combination of control deficiencies, that
adversely affects the entity's ability to initiate, authorize, record,
process, or report financial data reliably in accordance with
generally accepted accounting principles such that there is more than
a remote likelihood that a misstatement of the entity's financial
statements that is more than inconsequential will not be prevented or
detected.
[20] GAO, Homeland Security: Departmentwide Integrated Financial
Management Systems Remain a Challenge, [hyperlink,
http://www.gao.gov/products/GAO-07-536] (Washington, D.C.: Jun. 21,
2007), and Financial Management Systems: DHS Faces Challenges to
Successfully Consolidating Its Existing Disparate Systems, GAO-10-76
(Washington, D.C.: Dec. 4, 2009).
[21] Disciplined processes have been shown to reduce the risks
associated with software development and acquisition efforts to
acceptable levels and are fundamental to successful system
implementations. A disciplined process includes, among other things,
management, testing, data conversion and system interfaces, risk and
project management, and other related financial management activities.
[22] Pub. L. No. 104-208, Div. A, tit. I § 101(f), tit. VIII, 110
Stat. 3009, 3009-389 (1996). See generally 31 U.S.C. § 3512 and
accompanying note. This act requires agencies to implement financial
management systems that substantially comply with (1) federal
financial management systems requirements, (2) federal accounting
standards, and (3) the U.S. Standard General Ledger at the transaction
level.
[23] Division A, Section 101(f), Title VIII of Public Law 104-208.
[24] DHS, Human Capital Strategic Plan, Fiscal Years 2009-2013
(Washington, D.C.).
[25] GAO, High-Risk Series: Strategic Human Capital Management,
[hyperlink, http://www.gao.gov/products/GAO-03-120] (Washington, D.C.:
January 2003).
[26] Department of Homeland Security: 2008 Federal Human Capital
Survey Results (Washington, D.C.: 2008). The leadership and knowledge
management index indicates the extent to which employees hold their
leadership in high regard, both overall and on specific facets of
leadership. The results-oriented performance culture index indicates
the extent to which employees believe their organizational culture
promotes improvement in processes, products and services, and
organizational outcomes. The talent management index indicates the
extent to which employees think the organization has the talent
necessary to achieve its organizational goals. The job satisfaction
index indicates the extent to which employees are satisfied with their
jobs and various aspects thereof.
[27] Partnership for Public Service and the Institute for the Study of
Public Policy Implementation at the American University School of
Public Affairs, The Best Places to Work in the Federal Government
(Washington, D.C.: 2010).
[28] GAO, Equal Employment Opportunity: DHS Has Opportunities to
Better Identify and Address Barriers to EEO in Its Workforce,
[hyperlink, http://www.gao.gov/products/GAO-09-639] (Washington, D.C.:
Aug. 31, 2009). The Equal Employment Opportunity Commission uses the
term "triggers" to refer to indicators of potential barriers to equal
employment opportunity.
[29] GAO, Department of Homeland Security: DHS Needs to
Comprehensively Assess Its Foreign Language Needs and Capabilities and
Identify Shortfalls, [hyperlink,
http://www.gao.gov/products/GAO-10-714] (Washington, D.C.: June 22,
2010). DHS has a variety of responsibilities that utilize foreign
language capabilities, including investigating transnational criminal
activity and staffing ports of entry into the United States.
[30] The Federal Employee Viewpoint Survey is the Office of Personnel
Management's new name for its former Federal Human Capital Survey.
[31] [hyperlink, http://www.gao.gov/products/GAO-08-646T].
[32] Vertical integration refers to integration of these elements--
processes, systems, and people--within management functions, from the
department level down through each of the corresponding management
functions in the component agencies.
[33] Horizontal integration refers to integration of the elements
mentioned across management functions, such as the integration of
human capital management and financial management activities in areas
related to payroll. GAO, Department of Homeland Security: A
Comprehensive Strategy Is Still Needed to Achieve Management
Integration Departmentwide, [hyperlink,
http://www.gao.gov/products/GAO-10-318T] (Washington, D.C.: Dec. 15,
2009).
[34] GAO, Department of Homeland Security: Actions Taken Toward
Management Integration, but a Comprehensive Strategy Is Still Needed,
[hyperlink, http://www.gao.gov/products/GAO-10-131] (Washington, D.C.:
Nov. 20, 2009) and GAO-05-139.
[35] Outcome-based measures focus on the impact or results of
activities.
[36] GAO, Department of Homeland Security: Progress Report on
Implementation of Mission and Management Functions, [hyperlink,
http://www.gao.gov/products/GAO-07-454] (Washington, D.C.: Aug. 17,
2007).
[37] GPRA requires executive agencies to complete strategic plans in
which they define their missions, establish results-oriented goals,
and identify the strategies that will be needed to achieve those
goals. GPRA also requires executive agencies to prepare annual
performance plans that articulate goals for the upcoming fiscal year
that are aligned with their long-term strategic goals. Finally, GPRA
requires executive agencies to measure performance toward the
achievement of the goals in the annual performance plan and report
annually on their progress in program performance reports.
[38] [hyperlink, http://www.gao.gov/products/GAO-09-271].
[End of section]
GAO's Mission:
The Government Accountability Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in meeting
its constitutional responsibilities and to help improve the performance
and accountability of the federal government for the American people.
GAO examines the use of public funds; evaluates federal programs and
policies; and provides analyses, recommendations, and other assistance
to help Congress make informed oversight, policy, and funding
decisions. GAO's commitment to good government is reflected in its core
values of accountability, integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony:
The fastest and easiest way to obtain copies of GAO documents at no
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each
weekday, GAO posts newly released reports, testimony, and
correspondence on its Web site. To have GAO e-mail you a list of newly
posted products every afternoon, go to [hyperlink, http://www.gao.gov]
and select "E-mail Updates."
Order by Phone:
The price of each GAO publication reflects GAO‘s actual cost of
production and distribution and depends on the number of pages in the
publication and whether the publication is printed in color or black and
white. Pricing and ordering information is posted on GAO‘s Web site,
[hyperlink, http://www.gao.gov/ordering.htm].
Place orders by calling (202) 512-6000, toll free (866) 801-7077, or
TDD (202) 512-2537.
Orders may be paid for using American Express, Discover Card,
MasterCard, Visa, check, or money order. Call for additional
information.
To Report Fraud, Waste, and Abuse in Federal Programs:
Contact:
Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]:
E-mail: fraudnet@gao.gov:
Automated answering system: (800) 424-5454 or (202) 512-7470:
Congressional Relations:
Ralph Dawn, Managing Director, dawnr@gao.gov:
(202) 512-4400:
U.S. Government Accountability Office:
441 G Street NW, Room 7125:
Washington, D.C. 20548:
Public Affairs:
Chuck Young, Managing Director, youngc1@gao.gov:
(202) 512-4800:
U.S. Government Accountability Office:
441 G Street NW, Room 7149:
Washington, D.C. 20548: