Information Technology
OMB and Department of Homeland Security Investment Reviews
Gao ID: GAO-04-323 February 10, 2004
In July 2002, the Office of Management and Budget (OMB) issued two memorandums directing agencies expected to be part of the Department of Homeland Security (DHS) to temporarily cease funding for new information technology (IT) infrastructure and business systems investments and submit information to OMB on current or planned investments in these areas. GAO was asked to (1) explain OMB's implementation of these memorandums, (2) identify any resulting changes to applicable IT investments, and (3) ascertain if DHS has initiated its own investment management reviews and, if so, what the results of these reviews have been.
The July 2002 memorandums established an investment review group cochaired by OMB and the Office of Homeland Security to review submitted investments and estimated that millions of dollars potentially could be saved as a result of consolidating and integrating component agency investments. The investment review group relied on an informal, undocumented process to fulfill its responsibilities. Nevertheless, according to OMB and DHS IT officials, the review group both reviewed five component agency investments that were submitted and addressed long-term IT strategic issues related to the transition to the new department. OMB and DHS IT officials cited some changes to agency IT infrastructure and business systems investments because of the July memorandums. In addition, DHS IT officials cited other benefits that resulted from the memorandums. However, it is not known whether, or the extent to which, savings have resulted from the memorandums. In particular, OMB did not track savings associated with the July memorandums because, according to OMB IT staff, anticipated budgetary savings had not occurred at the time the review group was in place. DHS's chief information officer stated that the department plans to track savings related to the consolidation and integration of systems and has established a mechanism for doing so. However, until such savings are identified, tracked, and reported it will remain unknown whether the July memorandums and the subsequent establishment of DHS have achieved the potential economies identified by OMB. Once DHS became operational and the investment review group no longer existed, the department established its own IT investment management process, which is still evolving. As part of this process, between May 2003 and late January 2004, the DHS's highest level investment management board performed reviews of nine investments that had reached key decision points. Even with this progress, the department has identified about 100 IT programs that are eligible for review by its two top department-level boards. However, DHS has not established a process to ensure that key reviews of such IT investments are performed in a timely manner.
Recommendations
Our recommendations from this work are listed below with a Contact for more information. Status will change from "In process" to "Open," "Closed - implemented," or "Closed - not implemented" based on our follow up work.
Director:
Team:
Phone:
GAO-04-323, Information Technology: OMB and Department of Homeland Security Investment Reviews
This is the accessible text file for GAO report number GAO-04-323
entitled 'Information Technology: OMB and Department of Homeland
Security Investment Reviews' which was released on March 11, 2004.
This text file was formatted by the U.S. General Accounting Office
(GAO) to be accessible to users with visual impairments, as part of a
longer term project to improve GAO products' accessibility. Every
attempt has been made to maintain the structural and data integrity of
the original printed product. Accessibility features, such as text
descriptions of tables, consecutively numbered footnotes placed at the
end of the file, and the text of agency comment letters, are provided
but may not exactly duplicate the presentation or format of the printed
version. The portable document format (PDF) file is an exact electronic
replica of the printed version. We welcome your feedback. Please E-mail
your comments regarding the contents or accessibility features of this
document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
Report to Congressional Requesters:
February 2004:
INFORMATION TECHNOLOGY:
OMB and Department of Homeland Security Investment Reviews:
[Hyperlink, http: //www.gao.gov/cgi-bin/getrpt?GAO-04-323]:
GAO Highlights:
Highlights of GAO-04-323, a report to the Chairman, House Committee on
Government Reform and Chairman, Subcommittee on Technology, Information
Policy, Intergovernmental Relations and the Census
Why GAO Did This Study:
In July 2002, the Office of Management and Budget (OMB) issued two
memorandums directing agencies expected to be part of the Department of
Homeland Security (DHS) to temporarily cease funding for new
information technology (IT) infrastructure and business systems
investments and submit information to OMB on current or planned
investments in these areas (see figure below for a timeline).
GAO was asked to (1) explain OMB‘s implementation of these memorandums,
(2) identify any resulting changes to applicable IT investments, and
(3) ascertain if DHS has initiated its own investment management
reviews and, if so, what the results of these reviews have been.
What GAO Found:
The July 2002 memorandums established an investment review group co-
chaired by OMB and the Office of Homeland Security to review submitted
investments and estimated that millions of dollars potentially could be
saved as a result of consolidating and integrating component agency
investments. The investment review group relied on an informal,
undocumented process to fulfill its responsibilities. Nevertheless,
according to OMB and DHS IT officials, the review group both reviewed
five component agency investments that were submitted and addressed
long-term IT strategic issues related to the transition to the new
department.
OMB and DHS IT officials cited some changes to agency IT infrastructure
and business systems investments because of the July memorandums. In
addition, DHS IT officials cited other benefits that resulted from the
memorandums. However, it is not known whether, or the extent to which,
savings have resulted from the memorandums. In particular, OMB did not
track savings associated with the July memorandums because, according
to OMB IT staff, anticipated budgetary savings had not occurred at the
time the review group was in place. DHS‘s chief information officer
stated that the department plans to track savings related to the
consolidation and integration of systems and has established a
mechanism for doing so. However, until such savings are identified,
tracked, and reported it will remain unknown whether the July
memorandums and the subsequent establishment of DHS have achieved the
potential economies identified by OMB.
Once DHS became operational and the investment review group no longer
existed, the department established its own IT investment management
process, which is still evolving. As part of this process, between May
2003 and late January 2004, the DHS‘s highest level investment
management board performed reviews of nine investments that had reached
key decision points. Even with this progress, the department has
identified about 100 IT programs that are eligible for review by its
two top department-level boards. However, DHS has not established a
process to ensure that key reviews of such IT investments are performed
in a timely manner.
What GAO Recommends:
GAO is making recommendations to DHS to (1) report savings resulting
from its consolidation and integration of systems and (2) develop a
schedule for reviews of IT investments subject to departmental
oversight. In commenting on a draft of the report, OMB representatives
stated that they generally agreed with our findings and DHS officials
stated that it was factually accurate.
www.gao.gov/cgi-bin/getrpt?GAO-04-323.
To view the full product, including the scope and methodology, click on
the link above. For more information, contact David Powner at (202)
512-9286 or pownerd@gao.gov.
[End of section]
Contents:
Letter:
Results in Brief:
Background:
Implementation of OMB's July 2002 Memorandums:
Some Changes Were Made to Component Agency IT Infrastructure and
Business Systems Investments:
DHS Has Initiated Reviews of Component Agency IT Investments, but Its
Processes Are Still Evolving:
Conclusions:
Recommendations for Executive Action:
Agency Comments:
Appendix:
Appendix I: DHS Department-Level Investment Management Boards:
Tables:
Table 1: Summary of Changes to Component Agencies' IT Investments:
Table 2: Summary of IRB Control Reviews:
Figures:
Figure 1: Timeline of Events Related to the OMB Memorandums and the
Establishment of DHS:
Figure 2: DHS Investment Review Process:
Abbreviations:
ACE: Automated Commercial Environment:
CAPPS II: Computer Assisted Passenger Prescreening System:
CIO: chief information officer:
DHS: Department of Homeland Security:
IRB: Investment Review Board:
IT: information technology:
OMB: Office of Management and Budget:
US-VISIT: United States Visitor and Immigrant Status Indicator
Technology:
Letter February 10, 2004:
The Honorable Tom Davis:
Chairman, Committee on Government Reform:
House of Representatives:
The Honorable Adam H. Putman:
Chairman, Subcommittee on Technology, Information Policy,
Intergovernmental Relations and the Census:
Committee on Government Reform:
House of Representatives:
The Homeland Security Act of 2002 (P.L. 107-296), which was enacted in
November 2002, brought together 22 diverse agencies and created a new
cabinet-level department--the Department of Homeland Security (DHS)--
to help prevent terrorist attacks in the United States, reduce the
vulnerability of the United States to terrorist attacks, and minimize
the damage and assist in recovery from attacks that do occur. The new
DHS presents both information technology (IT) challenges and
opportunities. For example, DHS (1) faces considerable challenges in
integrating the many systems and processes that provide management with
information necessary for decision making and (2) offers opportunities
to identify and eliminate redundant investments and achieve more
efficiencies in IT investments.
To begin to tackle these issues even before the department was formed,
the Office of Management and Budget (OMB) in July 2002 issued two
memorandums directing federal agencies[Footnote 1] that were expected
to be part of the new department to temporarily cease funding for new
IT infrastructure and business systems investments and submit
information to OMB on current or planned investments in these areas.
[Footnote 2] These memorandums also established an investment review
group,[Footnote 3] co-chaired by OMB and the Office of Homeland
Security, to review investments that met the criteria in the July
memorandums. In October 2002, we testified that it was too early to
assess the impact of OMB's action because agency submissions were still
being evaluated.[Footnote 4]
Since DHS has now been established, you requested that we follow up on
our prior testimony and (1) explain how OMB implemented the July 2002
memorandums; (2) identify what, if any, changes to agency IT
investments resulted from the July memorandums and the Homeland
Security IT Investment Review Group's evaluations (hereafter called the
review group); and (3) ascertain whether DHS has initiated its own
investment management reviews and, if so, what the results of these
reviews have been. To address the first objective, we sought available
documentation on the criteria and process used by the investment review
group to make decisions. Likewise for the second objective, we sought
documentation from OMB and applicable DHS component agencies on
decisions made by the investment review group and on changes to IT
investments that resulted from the July 2002 memorandums. However,
according to OMB and DHS IT officials, the processes used and decisions
made by the review group and the DHS component agencies were not
documented. As a result, we largely relied upon interviews with
applicable OMB and DHS IT officials--including representatives from
OMB's Office of Information and Regulatory Affairs, the DHS chief
information officer (who is also the former Office of Homeland Security
co-chair of the investment review group), and DHS component agency IT
officials--to address the first two objectives. To address the third
objective, we reviewed DHS's IT investment management review policies
and documentation of DHS reviews performed of component agency IT
investments. This documentation included decision memorandums issued by
its highest level investment management board on the results of its
reviews. We also interviewed the DHS chief information officer (CIO),
chief technology officer, and the coordinator of the DHS investment
review process. We performed our work at OMB and DHS in Washington,
D.C., between July 2003 and January 2004, in accordance with generally
accepted government auditing standards.
Results in Brief:
The Homeland Security IT Investment Review Group relied on an informal
and undocumented process to fulfill its responsibilities under the July
2002 memorandums. Nevertheless, according to OMB and DHS IT officials,
the review group both reviewed the few component agency investments
that were submitted for approval and addressed long-term issues related
to the transition to the new department. In particular, OMB IT
representatives stated that when the establishment of DHS became closer
in time the investment review group shifted its focus to IT strategic
issues related to the transition to the proposed department.
OMB and DHS IT officials cited some changes to agency IT infrastructure
and business systems investments because of the July memorandums. The
component agencies submitted five requests to the review group, which
recommended their approval but with conditions. An example of a request
that was recommended for approval was the Secret Service's request to
procure search engine software. According to Secret Service, OMB, and
DHS IT officials, this request was recommended for approval with the
condition that the contractual document allow other component agencies
to use the search engine. Four component agencies also reported other
changes, including putting planned enhancements on hold, as a result of
the July memorandums. However, it is not known whether, or the extent
to which, savings have resulted from the memorandums. In particular,
OMB did not track the savings associated with the July memorandums
because, according to OMB IT staff, budgetary savings had not occurred
at the time that the review group was in place. Until savings resulting
from the consolidation and integration of systems and services are
identified, tracked, and reported it will remain unknown whether OMB's
July memorandums and the subsequent establishment of DHS have achieved
the potential economies identified by OMB in the memorandums.
Once DHS became operational and the investment review group no longer
existed, the department established its own IT investment management
process, which is still evolving. As part of this process, DHS's CIO
reported that he approved the department's IT portfolio for the fiscal
year 2005 budget cycle. In addition, between May 2003 and late January
2004, the department's highest level investment management board had
performed control reviews[Footnote 5] on nine investments that had
reached certain key decision points. In each of these cases the project
was allowed to proceed but additional documentation was required and/or
conditions set. Although DHS is making progress in reviewing component
agency projects, the department has identified about 100 IT programs
that are eligible for review by its two top-level departmental
investment management boards. According to IT officials, DHS is having
difficulty in bringing all of these programs before the boards in a
timely manner. Moreover, DHS has not established a process to ensure
that key reviews of component agency IT investments subject to
departmental reviews are performed in a timely manner, although it has
begun to collect information on the priorities and schedules of its
top-level investments as a first step.
We are making recommendations to DHS that it report the savings that
result from its consolidation and integration of systems and services
and develop a control review schedule for IT investments subject to
departmental oversight.
We received oral comments on a draft of this report from OMB and DHS
representatives, who stated that they generally agreed with our
findings and that it was factually accurate, respectively.
Background:
With the terrorist attacks of September 11, 2001, the threat of
terrorism rose to the top of the country's national security and law
enforcement agendas. In response to these growing threats, the Congress
passed and the President signed the Homeland Security Act of 2002,
which created DHS. We have previously identified IT management as
critical to the transformation of the new department.[Footnote 6] Not
only does DHS face considerable challenges in integrating the many
systems and processes that provide management with information for
decision making, but it must sufficiently identify its future needs in
order to build effective systems that can support the national homeland
security strategy in the coming years. To jump start this planning
process and also begin to identify opportunities for improved
effectiveness and economy, OMB issued two memorandums in July 2002 to
selected agencies telling them to "cease temporarily" and report on new
IT infrastructure and business systems investments above $500,000.
Mission, Organization, and Role of IT in DHS:
On March 1, 2003, DHS assumed operational control of nearly 180,000
employees from 22 incoming agencies and offices. In establishing the
new department, the Congress articulated a seven-point mission for DHS:
* Prevent terrorist attacks within the United States.
* Reduce the vulnerability of the United States to terrorism.
* Minimize the damage and assist in the recovery from terrorist
attacks.
* Carry out all functions of entities transferred to the department,
including by acting as a focal point regarding natural and man-made
crises and emergency planning.
* Ensure that the functions of the agencies within the department that
are not directly related to securing the homeland are not diminished or
neglected.
* Ensure that the overall economic security of the United States is not
diminished by efforts aimed at securing the homeland.
* Monitor connections between illegal drug trafficking and terrorism,
coordinate efforts to sever such connections, and otherwise contribute
to efforts to interdict illegal drug trafficking.
To help DHS accomplish its mission, the Homeland Security Act of 2002
establishes four mission-related directorates, the (1) Border and
Transportation Security directorate, (2) Emergency Preparedness and
Response directorate, (3) Science and Technology directorate, and (4)
Information Analysis and Infrastructure Protection directorate. In
addition to these directorates, the U.S. Secret Service and the U.S.
Coast Guard remain intact as distinct entities within DHS; Immigration
and Naturalization Service adjudications and benefits programs report
directly to the deputy secretary as the Bureau of Citizenship and
Immigration Services, and the Management directorate is responsible for
budget, human capital, and other general management issues.[Footnote 7]
According to the most recent President's budget, DHS expects to make
about $4 billion in IT investments in fiscal year 2004--the third
largest IT investment budget in the federal govenment.[Footnote 8] In
addition, as we have testified, information management and technology
are among the critical success factors that the new department should
emphasize in its initial implementation phase.[Footnote 9] For example,
DHS currently has several ongoing IT projects that are critical to the
effective implementation of its mission, such as the:
* Integrated Surveillance Intelligence System, which is to provide "24
by 7" border coverage through ground-based sensors, fixed cameras, and
computer-aided detection capabilities;
* Student Exchange Visitor Information System, which is expected to
manage information about nonimmigrant foreign students and exchange
visitors from schools and exchange programs;
* Automated Commercial Environment project, which is to be a new trade
processing system;[Footnote 10] and:
* United States Visitor and Immigrant Status Indicator Technology (US-
VISIT), a governmentwide program intended to improve the nation's
capacity for collecting information on foreign nationals who travel to
the United States, as well as control the pre-entry, entry, status, and
exit of these travelers.[Footnote 11]
Moreover, as all of the programs and agencies are brought together in
the new department, it will be an enormous undertaking to integrate
their diverse communication and information systems. Among the IT
challenges that the new department will have to face and overcome are
developing, maintaining, and implementing an enterprise
architecture,[Footnote 12] and establishing and enforcing a disciplined
IT investment management process (which includes establishing an
effective selection, control, and evaluation process).[Footnote 13] The
department's ability to overcome these challenges is complicated by the
IT management problems that its major components had when they
transferred to DHS. Specifically, as we previously reported, we still
have numerous outstanding IT management recommendations that require
action at component agencies, such as the Customs Service and the Coast
Guard.[Footnote 14]
OMB's July 2002 Memorandums on IT Infrastructure and Business Systems
Investments:
Figure 1 illustrates the timing of OMB's July 2002 memorandums. These
memorandums instructed selected agencies to (1) cease temporarily new
IT infrastructure and business systems (i.e., financial management,
procurement, and human resources systems) investments above $500,000
pending a review of the investment plans of all proposed DHS component
agencies; (2) identify and submit to OMB information on any current or
planned spending on these types of initiatives; and (3) participate in
applicable IT investment review groups co-chaired by OMB and the Office
of Homeland Security.
Figure 1: Timeline of Events Related to the OMB Memorandums and the
Establishment of DHS:
[See PDF for image]
[End of figure]
According to OMB, its goal in issuing these memorandums was to seek
opportunities for improved effectiveness and economy. In addition,
according to officials from OMB's Office of Information and Regulatory
Affairs, another purpose was to obtain an inventory of current and
planned IT infrastructure and business systems investments for
organizations to be moved to DHS, which was expected to help in the
administration's transition planning.
Although OMB directed selected agencies to temporarily cease these
investments, it did not necessarily mean that work was to be stopped on
all IT infrastructure and business systems projects at the applicable
agencies. First, the memorandums only pertained to funding for new
development efforts and not to existing systems in a "steady state"
using operations and maintenance funding. Second, the cessation did not
apply if funds pertaining to a development or acquisition contract had
already been obligated. Third, agencies could request an expedited
review to obtain the approval to proceed if they had an emergency or
critical need. The following are examples of how OMB's direction to
temporarily cease IT investments would apply in certain circumstances.
* If an agency had an existing procurement system in a steady state in
which no major modifications or modernization efforts were planned,
there would have been no effect on the funding of this system.
* If an agency had an ongoing contract with available obligations for
the development of a financial management system, there would have been
no effect on this contract, but new obligations for development or
modernization efforts would have been required to be approved by the
review group.
* If an agency wanted to award a contract over $500,000 for a new or
modernized IT infrastructure item such as a local area network, it
would have been required to obtain approval from the investment review
group before proceeding.
Our testimony of October 2002, stated that it was not possible to
assess the full effect of the July memorandums on the selected agencies
at that time.[Footnote 15] Except for emergency requests, according to
representatives from OMB's Office of Information and Regulatory
Affairs, the review group had not taken any action at the time of our
review on the agencies' submissions in response to the July memorandums
because neither they nor OMB had completed their reviews of these
documents.
Implementation of OMB's July 2002 Memorandums:
The July memorandums called on the Homeland Security IT Investment
Review Group to assess individual IT investments as part of considering
whether to consolidate or integrate component agency efforts. In
fulfilling this role, the review group relied on an informal process,
which was not documented. Although the review group reviewed the few
investments that component agencies submitted, according to OMB and DHS
IT officials, the group generally addressed broader issues related to
the transition to the new department. In particular, these officials
noted that the review group concentrated on longer term IT strategic
issues, such as those related to the development of an enterprise
architecture, associated with the transition to the proposed
department.
The investment review group was tasked with (1) reviewing component
agency IT investment submissions that met the criteria in the
memorandums, and (2) making recommendations related to these
submissions, including looking for opportunities to consolidate and
integrate component agency investments. According to OMB IT
representatives, the group generally met once a week but did not have a
documented process for performing reviews of the few component agency
investments that were submitted for review. These officials reported
that in the review process that was implemented, (1) agencies requested
approval of selected IT investments, (2) OMB and the investment review
group reviewed the agency submission, and (3) the review group made a
recommendation. Once this recommendation was made, the normal budget
execution process was implemented. Moreover, according to these
representatives, the investment review group used the principles
contained in section 300 of OMB Circular A-11 and section 8(b) of OMB
Circular A-130 as the criteria for evaluating submitted
investments.[Footnote 16] In addition, in commenting on a draft of this
report, representatives from OMB's Office of Information and Regulatory
Affairs and Office of the General Counsel stated that although the
activities of the Homeland Security IT Investment Review Group were
generally conducted on an informal basis, the group relied on the
already-existing processes documented in these circulars to fulfill its
responsibilities.
According to OMB IT representatives, when the establishment of DHS
became closer in time, the focus of the review group shifted from
reviewing individual investments to addressing the IT strategic issues
involved with establishing the department. In particular, according to
DHS officials, the review group created six working groups to address,
respectively, business architecture, networks, information security,
Web management, directory services (e.g., e-mail capability), and
technical reference model issues. In addition, according to these
officials, the investment review group took into account transition
work being performed by other entities. For example, the review group
worked with a liaison from the Chief Financial Officers Council, which
was looking at financial management system matters related to the new
department.
Some Changes Were Made to Component Agency IT Infrastructure and
Business Systems Investments:
The July 2002 memorandums resulted in some changes to agency IT
infrastructure and business systems investments. Specifically,
according to OMB and DHS IT officials, the review group recommended
approval with conditions the five IT investments submitted to it and
four component agencies reported that they changed other initiatives as
a result of the memorandums. However, it is not known whether, or the
extent to which, savings have resulted from the memorandums. In
particular, OMB did not track the savings associated with the July
memorandums because, according to OMB IT representatives, budgetary
savings had not occurred when the review group was in place.
Nevertheless, OMB and DHS IT officials cited other benefits that
resulted from the memorandums, such as the identification of ongoing
component agency efforts or resources that were important to the
operation of the department at its inception.
Four component agencies submitted five IT investment requests to be
reviewed by the review group. According to OMB and DHS IT officials,
all of these requests were recommended for approval with conditions. In
addition, four component agencies reported that on their own initiative
that they terminated, delayed, or changed other initiatives as a result
of the July memorandums. (See table 1.):
Table 1: Summary of Changes to Component Agencies' IT Investments:
Component agency[A]: Animal and Plant Health Inspection Service;
Reported investment request/decision by the Homeland Security
IT Investment Review Group: Did not request any decisions;
Investment decision reported by the component agency:
* Stopped expansion and maintenance of the Plant Protection and
Quarantine Small Site Data Communications Infrastructure;
* Put on hold further development of the Automated Target System.
Future enhancements to this system are still on hold pending DHS-wide
decisions.
Component agency[A]: Coast Guard;
Reported investment request/decision by the Homeland Security
IT Investment Review Group: Submitted an emergency request to proceed
with a licensing agreement with Microsoft. This was recommended for
approval with the condition that the agreement be expanded to include
other DHS entities. (According to Coast Guard IT officials, the
licensing agreement was not expanded to include other DHS entities, but
they could not explain why the review group's condition was not
met.)[B];
Investment decision reported by the component agency: Did not report
any other changes as a result of the July memorandums.
Component agency[A]: Customs Service;
Reported investment request/decision by the Homeland Security
IT Investment Review Group: Submitted a nonemergency request to procure
a new e-mail system. The review group agreed with the procurement of a
new e-mail system but recommended a different technical solution. As of
early January 2004, this solution had not yet been implemented;
Investment decision reported by the component agency: Did not report
any other changes as a result of the July memorandums.
Component agency[A]: Federal Emergency Management Agency;
Reported investment request/decision by the Homeland Security
IT Investment Review Group: Did not request any decisions;
Investment decision reported by the component agency:
* Terminated a planned correspondence tracking system.[C;
* Terminated a planned personnel resources information system;
* Integrated five infrastructure projects into ongoing DHS initiatives;
* Scaled back its enterprise resource planning project pending DHS-wide
decisions;
* Scaled back planned upgrades to its financial management system
pending DHS-wide decisions.
Component agency[A]: Immigration and Naturalization Service;
Reported investment request/decision by the Homeland Security
IT Investment Review Group: Did not request any decisions;
Investment decision reported by the component agency:
* Put on hold planned enhancements to its core financial management
system pending DHS-wide decisions. These enhancements are still on
hold;
* Put on hold a planned replacement of its Correspondence Control and
Task Tracking System, which remains on hold;
* Put on hold planned enhancements to Atlas, an initiative to upgrade
its IT infrastructure, pending DHS-wide decisions. These enhancements
are still on hold.
Component agency[A]: Secret Service;
Reported investment request/decision by the Homeland Security
IT Investment Review Group: Submitted an emergency request to procure a
search engine that would conduct database searches across the agency.
This request was recommended for approval with the condition that the
procurement include other DHS entities;
Investment decision reported by the component agency: Did not report
any other changes as a result of the July memorandums.
Component agency[A]: Transportation Security Administration;
Reported investment request/decision by the Homeland Security
IT Investment Review Group:
* Submitted an emergency request to proceed with a task order for a
managed services contract, which was recommended for approval with the
condition that the contract be expanded to include other DHS entities;
* Submitted a nonemergency request to procure network infrastructures
at airports. This request was recommended for approval with the
condition that the agency use, to the extent possible, the existing
airport infrastructure capabilities of the Customs Service and the
Immigration and Naturalization Service. The Transportation Security
Administration was also directed to work with these agencies when a
need for network infrastructure is identified at specific airports;
Investment decision reported by the component agency: Delayed the
agency's plans for "back office" systems, such as human resources and
payroll systems. According to the Transportation Security
Administration's CIO, a final decision on these efforts is awaiting
DHS-wide decisions.
Source: OMB, DHS, and component agency IT officials.
[A] For the purposes of this table, we used the names of the component
agencies that were employed at the time of the July 2002 memorandums.
Some of these names changed after DHS was established.
[B] According to the DHS CIO, this lack of compliance with the
investment review group's condition was mitigated by the later
implementation of a DHS-wide Microsoft enterprise license.
[C] The Federal Emergency Management Agency reported that this project
was terminated, in part, because of the July 2002 memorandums.
[End of table]
The July memorandums stated that initial estimates indicated that
potential savings of between $100 million and $200 million (IT
infrastructure) and $65 million and $85 million (business systems)
could be achieved over a 2-year period[Footnote 17] as a result of
consolidating and integrating component agency investments. OMB
reported to congressional committees that these estimates were based
primarily on best practices in the federal government and private
industry. However, an OMB IT representative stated that these estimates
were a rough approximation and that no documentation existed to support
how they were derived.
The July memorandums also stated that the review group would track
these savings. Moreover, OMB reported to congressional committees that
this tracking would include a breakout of the savings, the cause of the
savings, and the time period in which the savings would be generated.
However, a tracking process was not established because, according to
an OMB IT representative, no budgetary savings had occurred at the time
that the investment review group was in place since no investment was
terminated by the group. According to this representative, OMB still
believes that budgetary savings will occur and expects that DHS will
track these savings. Moreover, this representative stated that OMB will
be actively working with DHS as part of its budgetary and management
processes to ensure that such savings occur.
DHS's CIO agreed that savings are expected to result from the
department's consolidation and integration of systems. Moreover, he
stated that DHS will be tracking such savings and has established a
mechanism for doing so. Specifically, the CIO pointed to DHS's
establishment of IT commodity councils--groups that are responsible for
a collection of related materials or services--that would perform this
function. According to the Director of Strategic Sourcing and
Acquisition Systems, the councils have established project teams that
are responsible for tracking savings. According to this official, each
project is in the process of developing their project plans,
departmental requirements, and savings targets. Until savings resulting
from the consolidation and integration of systems and services are
identified, tracked, and reported, it will remain unknown whether OMB's
July memorandums and the subsequent establishment of DHS have achieved
the potential economies identified by OMB. In addition, DHS IT
officials stated that they were not aware of any plans to report
budgetary savings resulting from the consolidation and integration of
systems to applicable congressional committees. Such savings
information is an important element for the Congress to consider when
deliberating DHS budget requests and overseeing its IT management.
Moreover, the Chairman of the House Committee on Government Reform has
previously expressed concern that there has been a tremendous push for
additional IT spending at DHS component agencies without ensuring
appropriate management or accountability.
Although budgetary savings have not yet been identified, DHS IT
officials, including the CIO, cited other benefits to the July
memorandums. In particular, DHS IT officials estimated that several
million dollars in costs have been avoided as a result of the Secret
Service decision. (A Secret Service IT official provided an explanation
of how this estimate was derived, but we could not validate this amount
because it was not clearly supported by the documentation provided.) In
addition, the CIO stated that the investment review group evolved into
the department's CIO Council, which is responsible for developing,
promulgating, implementing, and managing a vision and direction for
information resources and telecommunications management. Further, the
DHS chief technology officer reported that the review group provided
the new department with a head start on day one operations by, for
example, deciding to use the Immigration and Naturalization Service's
network backbone for the department. Finally, these and DHS component
agency IT officials stated that the memorandums facilitated the
department's long-term IT planning efforts, including the development
of an enterprise architecture.[Footnote 18]
DHS Has Initiated Reviews of Component Agency IT Investments, but Its
Processes Are Still Evolving:
Once DHS became operational and the investment review group established
by the July memorandums no longer existed, the department established
an IT investment management process that includes departmental reviews
of component agency IT investments meeting certain criteria. As part of
the selection phase[Footnote 19] of this process, DHS's CIO reported
that he approved the department's IT portfolio as part of the fiscal
year 2005 budget cycle. In addition, as of January 26, 2004, the
department's highest level investment management board had performed
control reviews[Footnote 20] of nine investments that had reached key
decision points. In each of these cases, the project was allowed to
proceed although additional documentation was required and/or
conditions were set. Finally, the department's investment management
process is still evolving as the department attempts to deal with a
large number of IT investments eligible for departmental reviews.
In May 2003, DHS issued an investment review management directive and
IT capital planning and investment control guide, which provide the
department's entities with requirements and guidance on documentation
and review of IT investments. In particular, the management directive
establishes four levels of investments, the top three of which are
subject to review by department-level boards--the Investment Review
Board (IRB), Management Review Council, and Enterprise Architecture
Board. Appendix I provides a description of these department-level
boards and the investments that they are responsible for. The directive
also establishes a five-phase acquisition process that calls for these
investments to be reviewed at key decision points, such as program
authorization. In addition, the IT capital planning and investment
control guide lays out a process for selecting, controlling, and
managing investments. Figure 2 provides an overview of the review
process outlined in the management directive and capital planning and
investment control guide.
Figure 2: DHS Investment Review Process:
[See PDF for image]
[End of figure]
As part of the selection phase of its capital planning and investment
control process, DHS reviewed component agency IT investments for its
fiscal year 2005 budget submission. Specifically, according to DHS IT
officials, (1) the CIO approved the department's IT portfolio and (2)
all of the major IT systems submitted to OMB for the fiscal year 2005
budget were assessed and scored by an investment review team.[Footnote
21]
In addition, beginning in May 2003, DHS's top-level board (the IRB)
began reviewing the department's highest priority projects. As of
January 26, 2004, the department had performed 12 control reviews of
nine investments. Table 2 summarizes the results of these reviews.
Table 2: Summary of IRB Control ReviewsA:
Sponsoring component entity: Border and Transportation Security
Directorate;
IT investment: Automated Commercial Environment (ACE);
Sponsoring component entity: Border and Transportation Security
Directorate;
Decision: Two reviews of this program were held. First, on September
25, 2003, the IRB designated this investment as a DHS level I
investment and approved its strategic direction. The IRB also decided
to reconvene when a DHS review team assessing the ACE program
documentation had completed its review. Second, on November 20, 2003,
the IRB agreed with the findings of this review team and directed that
the team's recommendations be implemented. The IRB also authorized the
approval of the program's fiscal year 2004 expenditure plan;
Sponsoring component entity: Border and Transportation Security
Directorate;
Comments: In both reviews, the IRB directed the sponsor to submit
additional documentation. In addition, in the second review the IRB
stated that DHS's Planning Analysis and Evaluation office would hold
working group meetings with ACE program staff to review the
department's comments and develop an oversight action plan.
Sponsoring component entity: Border and Transportation Security
Directorate;
IT investment: United States Visitor and Immigrant Status Indicator
Technology (US-VISIT);
Sponsoring component entity: Border and Transportation Security
Directorate;
Decision: Three reviews on this program were held. First, on May 30,
2003, US-VISIT was approved to continue work but did not receive
approval to enter into the capability development and demonstration
acquisition phase. Second, on September 8, 2003, DHS stated that
US-VISIT had not satisfied the exit criteria for increment 1 and 2.
Nevertheless, because of its importance to improving security, US-VISIT
was allowed to continue the design and deployment of its first
increment and planning for future increments concurrent with it working
on satisfying the DHS requirements set forth in the decision
memorandum. Third, the IRB reviewed US-VISIT on November 25, 2003, but
the decision memorandum was not available as of January 26, 2004;
Sponsoring component entity: Border and Transportation Security
Directorate;
Comments: At the time of the first review, the sponsor was provided
with exit criteria and dates for submission of documentation, such as
the configuration management plan and life-cycle cost estimate, which
constitutes the exit criteria for the next acquisition phase.
Sponsoring component entity: Border and Transportation Security
Directorate;
IT investment: Computer Assisted Passenger Prescreening System (CAPPS
II);
Sponsoring component entity: Border and Transportation Security
Directorate;
Decision: Designated as a DHS level I investment, approved its
strategic direction, and authorized the program to proceed with the
capability development and demonstration phase;
Sponsoring component entity: Border and Transportation Security
Directorate;
Comments: Stated that program must provide updated information prior to
requesting the next key decision point approval and required that it
address various areas of concern, such as ensuring interoperability of
data transfer, addressing privacy and policy issues, and identifying
industry savings associated with the project.
Sponsoring component entity: Citizenship and Immigration Services
Bureau;
IT investment: Immigration Services Modernization;
Sponsoring component entity: Citizenship and Immigration Services
Bureau;
Decision: Designated as a DHS level I investment and provided interim
approval to commence the capability development and demonstration
phase;
Sponsoring component entity: Citizenship and Immigration Services
Bureau;
Comments: Required that the sponsor (1) develop a transition plan that
is approved by the DHS CIO; (2) develop a plan to accelerate the
development of paperless processes and electronic archives; and (3)
submit systems documentation, such as a mission needs statement and
test and evaluation plan.
Sponsoring component entity: Coast Guard;
IT investment: Integrated Deepwater Systems Program;
Sponsoring component entity: Coast Guard;
Decision: Designated as a DHS level I investment and approved its
strategic direction;
Sponsoring component entity: Coast Guard;
Comments: Established an oversight process in which (1) DHS's Planning
Analysis and Evaluation office is to establish a reporting system to
capture key/ critical program/platform activities and attend Deepwater
program reviews, (2) the IRB deferred decisions on Key Decision Points
related to specific asset/capability types to the Coast Guard
Acquisition Executive, and (3) the IRB is to be briefed annually on the
program.
Sponsoring component entity: Management Directorate;
IT investment: Consolidated IT Security Program;
Sponsoring component entity: Management Directorate;
Decision: Designated as a DHS level I investment and provided interim
approval to commence the capability development and demonstration
phase;
Sponsoring component entity: Management Directorate;
Comments: Directed the sponsor to submit a mission needs statement and
other planning documents, including a program management plan and
operational requirements document, the successful completion of which
constitutes the exit criteria for the next acquisition phase.
Sponsoring component entity: Management Directorate;
IT investment: Homeland Secure Data Network;
Sponsoring component entity: Management Directorate;
Decision: Decision memorandum was not available as of January 26,
2004;
Sponsoring component entity: Management Directorate;
Comments: [Empty].
Sponsoring component entity: Management Directorate;
IT investment: Resource Management Transformation Program;
Sponsoring component entity: Management Directorate;
Decision: Approved mission needs statement and authorized the program's
entry into the concept & technology development phase;
Sponsoring component entity: Management Directorate;
Comments: Decision memorandum included exit criteria for the next
acquisition phase, such as the successful completion of a risk
management plan and test and evaluation plan, the successful completion
of which constitutes the exit criteria for the next acquisition phase.
Sponsoring component entity: Science and Technology Directorate;
IT investment: Wireless Public Safety Interoperable Communications
Program;
Sponsoring component entity: Science and Technology Directorate;
Decision: Designated as a DHS level I investment and approved its
strategic direction;
Sponsoring component entity: Science and Technology Directorate;
Comments: Directed the sponsor to submit a mission needs statement and
other planning documents, the successful completion of which constitute
the exit criteria for the next acquisition phase and required that a
review team be established to study funding issues.
Source: DHS.
[A] According to DHS IT officials, the Enterprise Architecture Board
approved each of these projects' presentations to the IRB prior to
their submission.
[End of table]
Although DHS is making progress in reviewing component agency projects,
its investment management process continues to evolve. In particular,
as of January 2, 2004, the department had identified about 100 IT
programs[Footnote 22] that were eligible for review by its two top-
level departmental boards and, according to IT officials, is having
difficulty in bringing all of these programs before the boards in a
timely manner. Moreover, DHS has not established a process to ensure
that control reviews of component agency IT investments are performed
in a timely manner. Specifically, although DHS's capital planning and
investment control guide states that the Office of the CIO will
maintain a control review schedule for all initiatives in the
department's IT investment portfolio, as of January 2, 2004, this
schedule has not been developed. According to the DHS IRB coordinator
and IT officials, DHS has requested information from its component
entities related to the schedules and priorities of its level 1, or
top-level, investments. These officials stated that such information
can then be used to develop a master milestone calendar for control
reviews.[Footnote 23] Control review schedules, or master milestone
calendars, are important to ensure that DHS is reviewing its highest
priority IT investments in a timely manner so as to be able to affect
changes to component agency approaches or even terminate a poorly
managed or strategically unnecessary investment, if appropriate.
DHS's CIO also stated that the department's CIO Council is developing a
peer review process for major IT projects that is expected to include
defining a life-cycle management process and a quarterly reporting
process. The CIO stated that the new process is expected to be
instituted by the end of March 2004.
Conclusions:
OMB took a prudent step in issuing its July memorandums directing
federal agencies that were expected to be part of the new department to
temporarily cease funding for new IT infrastructure and business
systems investments in anticipation of the establishment of DHS.
Although documentation of the implementation of the memorandums was
lacking, OMB and DHS IT officials outlined an approach that included
both reviewing specific IT investments and the beginning of planning
for the transition to the new department. Further, DHS component
agencies identified actions that they took, such as putting initiatives
on hold, and other benefits that resulted from the memorandums.
Nevertheless, according to OMB IT representatives, budgetary savings as
a result of the July memorandums had not occurred at the time that the
review group was in place. Although DHS has begun to establish a
mechanism to track such savings in the future, until savings resulting
from the consolidation and integration of systems and services are
identified, tracked, and reported, it will remain unknown whether OMB's
July memorandums and the subsequent establishment of DHS have achieved
the millions of dollars in potential economies identified by OMB. The
Congress would benefit from such information in its deliberations on
the department's budget and in its oversight of DHS's management of IT.
Finally, DHS has begun to perform high-level oversight of component
agency IT investments, although much remains to be accomplished and the
process for this oversight is still evolving. Accordingly, DHS
continues to face challenges in providing robust and constructive
oversight of component agency IT investments. A significant challenge
remaining is determining the current status and upcoming major
milestones of IT investments subject to departmental review in order to
schedule timely control reviews.
Recommendations for Executive Action:
To demonstrate its progress in consolidating and integrating its
systems and services, we recommend that the Secretary of Homeland
Security direct the Chief Information Officer to periodically report to
appropriate congressional committees, the budgetary savings that have
resulted from the department's IT consolidation and integration
efforts, including a breakout of the savings, the cause of the savings,
and the time period in which the savings have been, or will be,
generated.
To ensure that IT investments subject to departmental review undergo
timely control reviews, we recommend that the Secretary of Homeland
Security direct the Chief Information Officer to develop a control
review schedule for IT investments subject to departmental oversight
(i.e., level 1, 2, and 3 investments).
Agency Comments:
We received oral comments on a draft of this report from OMB and DHS.
Representatives from OMB's Office of Information and Regulatory Affairs
and Office of the General Counsel generally agreed with the findings of
the report. These representatives also provided a technical comment
that we included in the report, as appropriate. In addition, DHS's
Office of the CIO capital planning and investment control officials
stated that the report was factually accurate.
:
As agreed with your offices, unless you publicly announce the contents
of this report earlier, we plan no further distribution until 30 days
from the report date. At that time, we will send copies of this report
to the Secretary of Homeland Security and the Director, Office of
Management and Budget. Copies will also be available at no charge on
the GAO Web site at [Hyperlink, www.gao.gov.].
If you have any questions on matters discussed in this report, please
contact me at (202) 512-9286 or Linda J. Lambert, Assistant Director,
at (202) 512-9556. We can also be reached by e-mail at [Hyperlink,
pownerd@gao.gov] and [Hyperlink, lambertl@gao.gov], respectively.
Another key contributor to this report was Niti Bery.
Signed by:
David A. Powner:
Director, Information Technology Management Issues:
[End of section]
Appendixes:
Appendix I: DHS Department-Level Investment Management Boards:
Board: Investment Review Board[A];
Membership:
* Deputy Secretary (Chair);
* Under Secretary of Management (Vice-Chair);
* Under Secretary, Border and Transportation Security;
* Under Secretary, Emergency Preparedness and Response;
* Under Secretary, Science and Technology;
* Under Secretary, Information Analysis and Infrastructure Protection;
* Deputy Chief of Staff for Policy;
* Chief Information Officer (CIO);
* Chief Financial Officer;
* Chief Procurement Officer;
* Privacy Officer;
* General Counsel;
Types of investments reviewed: All capital assets meeting the
investment threshold criteria;
Investment threshold level and criteria: Level 1 investments:
* Contract costs exceeds $50 million;
* Importance to DHS strategic and performance plans;
* High development, operating, or maintenance cost;
* High risk;
* High return;
* Significance in resource administration;
* For IT investments only:
* life-cycle costs exceed $200 million;
Other comments: [Empty].
Board: Management Review Council[A];
Membership:
* CIO;
* Chief Financial Officer;
* Chief Procurement Officer;
Types of investments reviewed: All capital assets meeting the
investment threshold criteria;
Investment threshold level and criteria: Level 2 investments:
* Contract cost $5-$50 million;
* Affects more than one DHS component;
* Significant program or policy implication;
* High executive visibility;
* For IT investments only:
* life-cycle costs of $20-$200 million;
* financial system with operational cost exceeding $500,000;
* was major in fiscal year 2004 budget submission;
* is E-government related;
* is directly tied to the top two layers of the Federal Enterprise
Architecture business reference model;
* is an integral part of the DHS modernization blueprint (enterprise
architecture);
* affects more than one component entity through the sharing of data or
facilities, and/or affects the sharing of facilities, data, and/or
information with state and local governments;
* common administrative services for which a single, DHS-wide solution
may be possible or for which a joint DHS team has been established or
planned;
* new technology initiatives;
* sensitive initiatives;
Other comments: [Empty].
Board: Enterprise Architecture Board;
Membership:
* CIO (Chair);
* Chief Financial Officer designee;
* Chief Procurement Officer designee;
* Business unit and program representatives;
* Information officers in the directorates/organizational elements;
Types of investments reviewed: IT investments meeting the investment
threshold criteria;
Investment threshold level and criteria:
* Annual costs of $1-$5 million;
* Life-cycle costs of $5-$20 million;
* E-government transformation focus area;
Other comments: This board also reviews all level 1 and 2 IT
investments and makes recommendations to the Investment Review Board
and Management Review Council.
Source: DHS.
[A] DHS also plans to employ a Joint Requirements Council to serve as a
working group to make recommendations to the Investment Review Board
and Management Review Council on cross-cutting IT investments. The
Joint Requirements Council, whose membership includes the Chief
Technology Officer, Director of Strategic Sourcing and chief operating
officers of DHS's component entities, met for the first time on January
7, 2004.
[End of table]
(310450):
FOOTNOTES
[1] The entities that were affected by one or both of the July 2002
memorandums were the Department of Agriculture's Animal and Plant
Health Inspection Service, the Federal Emergency Management Agency, the
Department of Justice's Immigration and Naturalization Service, the
Department of Transportation's Transportation Security Administration
and Coast Guard, and the Department of the Treasury's Secret Service
and Customs Service. Each of these entities was transferred at least in
part to DHS, and will be referred to as component agencies for purposes
of this report.
[2] According to OMB representatives, the July 2002 memorandums stopped
being applicable once DHS became operational in March 2003.
[3] The July 2002 memorandums created two investment review groups, the
(1) Homeland Security IT Investment Review Group, which was to review
IT infrastructure investments, and (2) Business Systems IT Review
Group, which was to review business systems investments. However,
according to an OMB IT representative and the Office of Homeland
Security co-chair of these groups, because the membership was largely
the same (they generally comprised the chief information officers of
the component agencies expected to be part of DHS although some chief
financial officers were also represented), they acted as a single
entity. Accordingly, we refer to these groups as the Homeland Security
IT Investment Review Group for purposes of this report.
[4] U.S. General Accounting Office, Homeland Security: OMB's Temporary
Cessation of Information Technology Funding for New Investments, GAO-
03-186T (Washington, D.C.: Oct. 1, 2002).
[5] During the control phase of the IT investment management process,
the organization ensures that, as projects develop and as funds are
spent, the project is continuing to meet mission needs at the expected
levels of cost and risk.
[6] U.S. General Accounting Office, Major Management Challenges and
Program Risks: Department of Homeland Security, GAO-03-102 (Washington,
D.C.: January 2003).
[7] DHS's Office of the CIO is part of the Management directorate.
[8] Office of Management and Budget, Budget of the U.S. Government,
Fiscal Year 2005, Report on IT Spending for the Federal Government for
Fiscal Years 2003, 2004, and 2005. We did not verify these data.
[9] U.S. General Accounting Office, Homeland Security: Proposal for
Cabinet Agency Has Merit, But Implementation Will be Pivotal to
Success, GAO-02-886T (Washington, D.C.: June 25, 2002).
[10] We have previously issued reports on this initiative. For example,
see U.S. General Accounting Office, Customs Service Modernization:
Automated Commercial Environment Progressing, but Further Acquisition
Management Improvements Needed, GAO-03-406 (Washington, D.C.: Feb. 28,
2003).
[11] We have previously issued reports on this initiative. For example,
see U.S. General Accounting Office, Homeland Security: Risks Facing Key
Border and Transportation Security Program Need to Be Addressed, GAO-
03-1083 (Washington, D.C.: Sept. 19, 2003).
[12] An enterprise architecture is a blueprint for institutional
modernization and evolution that consists of models describing how an
entity operates today and how it intends to operate in the future,
along with a plan for how it intends to transition to this future
state.
[13] We have issued guidance to agencies related to enterprise
architecture, IT investment management, and other management issues.
For example, see U.S. General Accounting Office, Information
Technology: A Framework for Assessing and Improving Enterprise
Architecture Management (Version 1.1), GAO-03-584G (Washington, D.C.:
Apr. 1, 2003) and Information Technology Investment Management: A
Framework for Assessing and Improving Process Maturity, GAO/AIMD-
10.1.23, Exposure Draft (Washington, D.C.: May 2000).
[14] U.S. General Accounting Office, Homeland Security: Information
Technology Funding and Associated Management Issues, GAO-03-250
(Washington, D.C.: Dec. 13, 2002).
[15] GAO-03-186T.
[16] These circulars instruct agencies to develop, implement, and use
capital programming processes that, for example: (1) evaluate and
select capital asset investments that will support core mission
functions and demonstrate projected returns on investments that are
clearly equal to or better than alternative uses of public resources,
(2) ensure that improvements to existing and planned information
systems do not unnecessarily duplicate IT capabilities within the same
agency, and (3) institute performance measures and management processes
that monitor and compare actual performance with planned results.
[17] OMB did not specify the 2 years. The DHS CIO believes that the OMB
savings estimates are achievable, but are not likely to be realized in
the first 2 years of DHS's establishment.
[18] In September 2003, DHS completed the first version of its target
enterprise architecture.
[19] During the selection phase of an IT investment management process,
the organization (1) selects projects that will best support its
mission needs and (2) identifies and analyzes each project's risks and
returns before committing significant funds.
[20] During the control phase of the IT investment management process,
the organization ensures that, as projects develop and as funds are
spent, the project is continuing to meet mission needs at the expected
levels of cost and risk.
[21] The investment review team was made up of representatives from the
offices of the CIO, chief financial officer, and the chief procurement
officer, as well as several component agencies.
[22] As of January 2, 2004, DHS was still in the process of finalizing
its list of level 1, level 2, and level 3 IT investments.
[23] The DHS IRB coordinator and IT officials stated that after the
level 1 investment process is stabilized, they intend to implement a
comparable process for level 2 investments; however, they did not yet
know how level 3 investments were going to be addressed. Level 1, 2,
and 3 investments are subject to review by department-level boards.
GAO's Mission:
The General Accounting Office, the investigative arm of Congress,
exists to support Congress in meeting its constitutional
responsibilities and to help improve the performance and accountability
of the federal government for the American people. GAO examines the use
of public funds; evaluates federal programs and policies; and provides
analyses, recommendations, and other assistance to help Congress make
informed oversight, policy, and funding decisions. GAO's commitment to
good government is reflected in its core values of accountability,
integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony:
The fastest and easiest way to obtain copies of GAO documents at no
cost is through the Internet. GAO's Web site ( www.gao.gov ) contains
abstracts and full-text files of current reports and testimony and an
expanding archive of older products. The Web site features a search
engine to help you locate documents using key words and phrases. You
can print these documents in their entirety, including charts and other
graphics.
Each day, GAO issues a list of newly released reports, testimony, and
correspondence. GAO posts this list, known as "Today's Reports," on its
Web site daily. The list contains links to the full-text document
files. To have GAO e-mail this list to you every afternoon, go to
www.gao.gov and select "Subscribe to e-mail alerts" under the "Order
GAO Products" heading.
Order by Mail or Phone:
The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent
of Documents. GAO also accepts VISA and Mastercard. Orders for 100 or
more copies mailed to a single address are discounted 25 percent.
Orders should be sent to:
U.S. General Accounting Office
441 G Street NW,
Room LM Washington,
D.C. 20548:
To order by Phone:
Voice: (202) 512-6000:
TDD: (202) 512-2537:
Fax: (202) 512-6061:
To Report Fraud, Waste, and Abuse in Federal Programs:
Contact:
Web site: www.gao.gov/fraudnet/fraudnet.htm E-mail: fraudnet@gao.gov
Automated answering system: (800) 424-5454 or (202) 512-7470:
Public Affairs:
Jeff Nelligan, managing director, NelliganJ@gao.gov (202) 512-4800 U.S.
General Accounting Office, 441 G Street NW, Room 7149 Washington, D.C.
20548: