Federal Protective Service

Actions Needed to Resolve Delays and Inadequate Oversight Issues with FPS's Risk Assessment and Management Program Gao ID: GAO-11-705R July 15, 2011

The Federal Protective Service (FPS), which is within the Department of Homeland Security's (DHS) National Protection and Programs Directorate (NPPD), is responsible for protecting the more than 1 million federal employees and members of the public who work in and visit the over 9,000 federal facilities owned or leased by the General Services Administration (GSA) from a potential terrorist attack or other acts of violence. To accomplish its facility protection mission, FPS has about 1,200 full-time employees and approximately 13,200 contract security guards. FPS has an annual budget of about $1 billion and receives its funding from the revenues and collections of security fees charged to tenant agencies for protective services such as facility security assessments (FSA) and providing contract security guard services. Since 2008, we have issued numerous reports that address major challenges FPS faces in protecting federal facilities. For example, in 2009 and 2010 we reported that FPS had problems completing high-quality FSAs in a timely manner and did not provide adequate oversight of its contract guard program. In September 2007, FPS decided to address the challenges with its legacy security assessment and guard management systems with a new system. On August 1, 2008, DHS's Immigration and Customs Enforcement (ICE) competitively awarded and FPS funded a $21 million, 7-year contract to develop and maintain the Risk Assessment and Management Program (RAMP) system. RAMP is a web-enabled risk assessment and guard management system, and its initial implementation was scheduled for July 31, 2009. Among other things, RAMP is intended to: (2) provide FPS with the capability to assess risks at federal facilities based on threat, vulnerability, and consequence, and track countermeasures to mitigate those risks; and (2) improve the agency's ability to monitor and verify that its contract security guards are trained and certified to be deployed to federal facilities. In response to congressional request that we examine RAMP, this report addresses the following questions: (1) What is RAMP's current status, including whether it can be used as planned? (2) What are the factors that contributed to this status? (3) What are the actions FPS is taking to develop and implement RAMP?

RAMP is over budget, behind schedule, and cannot be used to complete FSAs and reliable guard inspections as intended. RAMP's contract award amount totals $57 million, almost three times more than the $21 million original development contract amount. As of June 2011, FPS has spent almost $35 million of the $57 million to develop RAMP. RAMP's costs increased in part because FPS changed the original system requirements and the contractor had to add additional resources to accommodate the changes. FPS also has experienced delays in developing and implementing RAMP, as it is almost 2 years behind its original July 2009 implementation date. FPS cannot use RAMP to complete FSAs because the agency did not verify the accuracy of the federal facility data it obtained from GSA or include an edit feature in RAMP that would allow inspectors to edit these data when necessary. FPS is also experiencing difficulty using RAMP to ensure that its approximately 13,200 contract guards have met training and certification requirements to be deployed at federal facilities because it does not have a process for verifying this information before it is entered into RAMP. RAMP also does not yet fully incorporate certain government security standards. For example, according to an FPS official, RAMP does not support the April 2010 ISC Physical Security Criteria for Federal Facilities because FPS did not have time to incorporate it in the June 2010 version of RAMP. FPS is planning to incorporate these standards in the next version of RAMP. Several factors have contributed to FPS being unable to use RAMP as planned. Most importantly, FPS and ICE did not adequately follow GAO's project management best practices in developing and implementing RAMP. FPS is taking some steps to address RAMP's problems. Most notably, FPS has preliminarily decided to discontinue its current RAMP development contract and is considering using a new contractor to finish developing RAMP. FPS is also working to incorporate ISC's Physical Security Criteria for Federal Facilities into RAMP before the next version is implemented. Given the technological changes that may have occurred since FPS began developing RAMP 4 years ago, there could be alternative systems that would better meet FPS's needs. However, FPS has not evaluated whether further developing RAMP is the most cost-beneficial approach compared to possible alternatives. In addition, FPS has not developed a plan to address the problems we found with RAMP, for example, ensuring the accuracy of federal facility and contract guard data. Given the challenges FPS faced thus far with developing RAMP, technological changes that may have occurred in the last 4 years, and to help guide and ensure the successful development and implementation of any risk assessment and contract guard management system, we recommend that the Secretary of Homeland Security direct the Under Secretary of NPPD and the Director of FPS to take the following four actions: (1) evaluate whether it is cost-beneficial to finish developing RAMP or if other alternatives for completing FSAs and managing security guards would be more appropriate, (2) increase the use of project management best practices by managing requirements and conducting user acceptance testing for any future RAMP development efforts, (3) establish a process for verifying the accuracy of federal facility and guard training and certification data before entering them into RAMP, and (4) develop interim solutions for completing FSAs and guard inspections while addressing RAMP's challenges. To improve contract administration, we recommend that the Secretary of Homeland Security direct the Directors of ICE and FPS to complete contract performance evaluations for the current RAMP contractor, and ensure that the evaluations and other required documents are maintained in the contract file in accordance with DHS's acquisition policy and the Federal Acquisition Regulation (FAR).

Recommendations

Our recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.

Director: Mark L. Goldstein Team: Government Accountability Office: Physical Infrastructure Phone: (202) 512-6670


The Justia Government Accountability Office site republishes public reports retrieved from the U.S. GAO These reports should not be considered official, and do not necessarily reflect the views of Justia.