[House Hearing, 108 Congress]
[From the U.S. Government Publishing Office]



                                                         H. Hrg. 108-29

H.R. 2886, DEPARTMENT OF HOMELAND SECURITY FINANCIAL ACCOUNTABILITY ACT

=======================================================================

                                HEARING

                                 of the

                 SELECT COMMITTEE ON HOMELAND SECURITY
                        HOUSE OF REPRESENTATIVES

                      ONE HUNDRED EIGHTH CONGRESS

                             FIRST SESSION

                               __________

                            OCTOBER 8, 2003

                               __________

                           Serial No. 108-29

                               __________

    Printed for the use of the Select Committee on Homeland Security


 Available via the World Wide Web: http://www.access.gpo.gov/congress/
                                 house


                               __________

                    U.S. GOVERNMENT PRINTING OFFICE
21-355                      WASHINGTON : 2005
_____________________________________________________________________________
For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpo.gov  Phone: toll free (866) 512-1800; (202) 512ï¿½091800  
Fax: (202) 512ï¿½092250 Mail: Stop SSOP, Washington, DC 20402ï¿½090001


                 SELECT COMMITTEE ON HOMELAND SECURITY

                 CHRISTOPHER COX, California, Chairman

JENNIFER DUNN, Washington            JIM TURNER, Texas, Ranking Member
C.W. BILL YOUNG, Florida             BENNIE G. THOMPSON, Mississippi
DON YOUNG, Alaska                    LORETTA SANCHEZ, California
F. JAMES SENSENBRENNER, JR.,         EDWARD J. MARKEY, Massachusetts
Wisconsin                            NORMAN D. DICKS, Washington
W.J. (BILLY) TAUZIN, Louisiana       BARNEY FRANK, Massachusetts
DAVID DREIER, California             JANE HARMAN, California
DUNCAN HUNTER, California            BENJAMIN L. CARDIN, Maryland
HAROLD ROGERS, Kentucky              LOUISE McINTOSH SLAUGHTER,
SHERWOOD BOEHLERT, New York            New York
LAMAR S. SMITH, Texas                PETER A. DeFAZIO, Oregon
CURT WELDON, Pennsylvania            NITA M. LOWEY, New York
CHRISTOPHER SHAYS, Connecticut       ROBERT E. ANDREWS, New Jersey
PORTER J. GOSS, Florida              ELEANOR HOLMES NORTON,
DAVE CAMP, Michigan                    District of Columbia
LINCOLN DIAZ-BALART, Florida         ZOE LOFGREN, California
BOB GOODLATTE, Virginia              KAREN McCARTHY, Missouri
ERNEST J. ISTOOK, Jr., Oklahoma      SHEILA JACKSON-LEE, Texas
PETER T. KING, New York              BILL PASCRELL, JR., New Jersey
JOHN LINDER, Georgia                 DONNA M. CHRISTENSEN,
JOHN B. SHADEGG, Arizona               U.S. Virgin Islands
MARK E. SOUDER, Indiana              BOB ETHERIDGE, North Carolina
MAC THORNBERRY, Texas                CHARLES GONZALEZ, Texas
JIM GIBBONS, Nevada                  KEN LUCAS, Kentucky
KAY GRANGER, Texas                   JAMES R. LANGEVIN, Rhode Island
PETE SESSIONS, Texas                 KENDRICK B. MEEK, Florida
JOHN E. SWEENEY, New York

                      JOHN GANNON, Chief of Staff

         UTTAM DHILLON, Chief Counsel and Deputy Staff Director

               DAVID H. SCHANZER, Democrat Staff Director

                    MICHAEL S. TWINCHEK, Chief Clerk

                                  (II)


                            C O N T E N T S

                               STATEMENTS

The Honorable Christopher Cox, a Representative in Congress from 
  the State of California, an Chairman, Select Committee on 
  Homeland Security
  Oral Statement.................................................     1
  Prepared Statement.............................................     3
The Honorable Turner, a Representative in Congress from the State 
  of Texas, and Ranking Member, Select Committee on Homeland 
  Security.......................................................     3
The Honorable Donna Christensen, a Delegate in Congress from the 
  U.S. Virgin Islands............................................    38
The Honorable Bob Etheridge, a Representative in Congress from 
  the State of North Carolina....................................     5
The Honorable Jim Gibbons, a Representative in Congress from the 
  State of Nevada................................................     5
The Honorable James R. Langevin, a Representative in Congress 
  from the of State Rhode Island.................................    38
The Honorable Sheila Jackson-Lee, a Representative in Congress 
  from the of State Texas........................................    45
The Honorable John Linder, a Representative in Congress from the 
  State of Georgia...............................................    38
The Honorable Pascrell, a Representative in Congress from the 
  State of New Jersey............................................    33
The Honorable Shadegg, a Representative in Congress from the 
  State of Arizona...............................................    46
The Honorable Sweeney, a Representative in Congress from the 
  State of New York..............................................    35

                               WITNESSES

Mr. J. Richard Berman, Assistant Inspector General for Audits, 
  Department of Homeland Security
  Oral Statement.................................................    10
  Prepared Statement.............................................    12
Dr. Bruce Carnes, Chief Financial Officer, Department of Homeland 
  Security
  Oral Statement.................................................     5
  Prepared Statement.............................................     7
Ms. Michele Flournoy, Senior Adviser, International Security 
  Program, Center for Strategic and International Studies
  Oral Statement.................................................    25
  Prepared Statement.............................................    27
The Honorable Linda Springer, Comptroller Office of Federal 
  Financial Management, Office of Management and Budget
  Oral Statement.................................................    19
  Prepared Statement.............................................    22

                                APPENDIX
                   Material Submitted for the Record

Dr. Bruce Carnes Responses to Questions..........................    51
Mr Richard Berman Reponse to Question............................    52

 
                        H.R. 2886, DEPARTMENT OF
             HOMELAND SECURITY FINANCIAL ACCOUNTABILITY ACT

                              ----------                              


                       Wednesday, October 8, 2003

                          House of Representatives,
                     Select Committee on Homeland Security,
                                                    Washington, DC.
    The committee met, pursuant to call, at 1:05 p.m., in Room 
2318, Rayburn House Office Building, Hon. Christopher Cox 
[chairman of the committee] presiding.
    Present: Representatives Cox, Camp, Linder, Shadegg, 
Gibbons, Sweeney, Turner, Norton, McCarthy, Jackson-Lee, 
Pascrell, Christensen, Etheridge, Lucas, Langevin, and Meek.
    Chairman Cox. Good afternoon. A quorum being present, the 
committee will come to order. The committee is meeting today to 
consider the management and financial accounting controls at 
the Department of Homeland Security and legislation to bring 
the Department within the coverage of the CFO Act.
    It was only 5 months ago this year that the Department 
opened its doors. The establishment of the Department of 
Homeland Security marks the largest reorganization of the 
Federal Government in history. It is a merger of 22 separate 
Federal agencies with more than $50 billion in assets, $36 
billion in liabilities--although the accounting certitude of 
that figure is questionable--and roughly 180,000 employees.
    The President created the new department not to achieve a 
new M&A standard, but rather to enhance our capabilities to 
prevent terrorism. It is this core mission to make our country 
safer that requires us to examine how the financial systems of 
22 separate agencies will be consolidated in order to achieve 
our objective.
    In conducting oversight of DHS, this committee must make 
financial accountability a top priority. This is necessary not 
only to ensure that taxpayer dollars are fully and accurately 
accounted for and spent prudently to achieve well defined and 
measurable objectives, and to prevent waste, fraud and abuse, 
but even more importantly, it is necessary so that the 
Department succeeds in its overall mission. That mission is of 
course protecting Americans.
    Today, in keeping with other oversight mandates, we will 
examine the financial policies, processes and systems being 
utilized and being proposed for use at the Department. Our 
analysis is being conducted within the context of legislation 
now pending before this committee, H.R. 2886, the Homeland 
Security Financial Accountability Act.
    In addition, we will explore the Department's steps towards 
a framework for strategic planning and program evaluation. 
Questions that we are interested in addressing today include 
how DHS will ensure that the appropriate amount of funds are 
requested for specific programs and how those programs will be 
held to performance standards.
    H.R. 2886, the Department of Homeland Security Financial 
Accountability Act, contains a number of financial management 
provisions. It includes measures subjecting the Department to 
the statutory framework and reporting mandates of the CFO Act. 
It imposes additional financial audit opinion requirements.
    I am interested to hear the views of our witnesses today--
we have an outstanding panel--about the impact of the various 
provisions of the bill. It is my estimation that the Department 
is making solid progress in financial management.
    Consolidating 22 separate agencies is no mean feat. But 
there is a broad plan to streamline and integrate financial 
systems and promote interoperability across the Department. I 
look forward to hearing your views on the panel about the 
progress of those initiatives today.
    It is imperative, I believe, that the objectives of 
individual programs be firmly linked with the strategic plans 
of the Department. Budgetary requests must reflect the 
priorities of these strategic plans so that money is spent 
appropriately and with minimal, if any, redundancy. And, 
finally, the performance of department programs must be 
examined regularly by this committee to assist in 
implementation, to assess progress, and to best allocate future 
resources.
    We already have laws in effect to promote the responsible 
use of scarce resources in the Federal Government. I think we 
need to use these laws to much greater effect. In 1993, 
Congress enacted the Government Performance and Results Act, 
which requires that every major Federal agency report their 
plans for future years and give an assessment of performance 
for previous years.
    These reports provide the basis for Congress to assess how 
each agency is performing. Ensuring that these statutory 
requirements are fulfilled in the Department of Homeland 
Security is critical to allowing this committee to provide 
effective oversight in partnership with the Department. I am 
pleased the Department has established the Office of Program 
Analysis and Evaluation, under the CFO, Dr. Carnes, with the 
responsibility for integrating strategy, performance, 
management and budget for the entire Department.
    The Department will need to rely on the best practices of 
established departments within the Federal Government as well 
as in the private sector while adapting these policies to meet 
the unique domestic security mission of the Department of 
Homeland Security. I dare say that back when we first wrote the 
CFO Act, and I was one of the original authors of the CFO Act, 
and I am a strong proponent of it, calling a hearing on the 
topic of financial accounting controls would likely not attract 
a good deal of attention.
    I think in the post-Enron world that is not so. I think 
nonaccountants now understand the importance of management 
control, or the purposes of achieving the objectives of an 
organization, and also recognize the down side of not having a 
good system of financial controls in place in a large 
organization.
    We want to make sure that we take every opportunity to 
improve the work of the Department of Homeland Security, to 
perfect it in its achievement of its mission, and we want to 
use financial controls to that end.
    I thank the witnesses with us here today for providing us 
with your testimony in advance. I look forward to hearing the 
summary of your testimony in a moment and engaging in a 
colloquy with you. I now recognize the ranking member, Mr. 
Turner, for any opening statements that he may have.

 Prepared Statement of the Honorable Christopher Cox, Chairman, Select 
                     Committee on Homeland Security

    On March 1 of this year, we witnessed the standing up of the 
Department of Homeland Security, the largest reorganization of the 
federal government in history. The restructuring brought under one roof 
22 separate federal agencies, more than $50 billion in assets, $36 
billion in liabilities and roughly 180,000 employees. The President 
created the new Department, to enhance our capabilities to prevent 
terrorism, to protect our infrastructure against it, and to respond to 
any attack that might occur.
    In conducting oversight of the Department of Homeland Security, 
this Committee must make financial accountability a top priority. We 
must insist that taxpayer dollars are fully and accurately accounted 
for. And we must ensure that every precaution is taken to prevent 
fraud, waste, and abuse.
    It is imperative that the objectives of individual programs be 
firmly linked with the strategic plans of the Department. Budgetary 
requests must reflect the priorities of these strategic plans, so that 
money is spent appropriately and with minimal redundancy.
    At one time these issues may have been considered dry, but in our 
post Enron debacle environment no one can discount their importance. 
Both the Executive branch and the Legislative branch of the federal 
government must fulfill our obligation to protect the taxpayer's bottom 
line.

    Mr. Turner. Thank you, Mr. Chairman. I appreciate you 
calling this hearing for the purpose of examining the financial 
planning and management practices of the Department of Homeland 
Security, and, specifically, to have a hearing on H.R. 2886, 
the Department of Homeland Security Financial Accountability 
Act.
    Over the course of this fiscal year, the Department will 
spend around $30 billion on a wide range of programs and 
activities designed to keep this country safe from terrorism. 
It is important, I think, that the Department have all of the 
tools and the practices necessary to ensure that taxpayer 
dollars are spent efficiently and effectively. Also, I think it 
is important that these tools allow the Department to provide 
the Congress with all of the information that we need to carry 
out our responsibilities.
    I am encouraged by several steps that I have seen the 
Department take recently in laying the groundwork for sound 
fiscal management. Among these are the establishing of a 
planning and programming and budgeting system similar to what 
has existed within the Department of Defense for many years to 
help in developing its 5-year budget plan, the creation of a 
Program Analysis and Evaluation Office to review program and 
budget requirements and analyze them in the context of an 
assessment of key threats and vulnerabilities; also, setting up 
an investment review board and a joint requirements review 
process to monitor the Department's progress in developing 
major programs and making related acquisition decisions. Each 
of these are good first steps.
    Mr. Chairman, I think we all agree, however, that there is 
much more that must be done to be sure that we make the right 
choices regarding the security of our nation. The most 
important task I think that the Department has yet to 
accomplish is the development of a comprehensive threat and 
vulnerability assessment.
    It seems that from testimony that we have had from 
Assistant Secretary Liscouski that such an assessment is some 
years away. I believe he estimated perhaps 5 years away. This, 
in my judgment, is unacceptable. Without a threat and 
vulnerability assessment, we cannot possibly decide how to 
allocate valuable funding between a variety of options such as 
cargo screening, improving the electrical grid, increasing 
bioterrorism protection, or tending to some other 
vulnerability.
    At the Department of Defense, each installation assesses 
its vulnerabilities every year so security changes can be based 
on a current assessment of risk. But with the Homeland Security 
Department right now, we are in essence driving down the road 
without a road map to tell us where to go. Indeed, without a 
true threat and vulnerability assessment, we run the risk of 
trying to protect everything equally, which means we protect 
nothing effectively, or, worse yet, we end up funding programs 
based on current events or media attention rather than on 
rational evaluation of risk.
    A threat and vulnerability assessment should be part of an 
updated annual Homeland Security strategy. An updated strategy 
could serve, in turn, to articulate the administration's goals 
across the government, better define our capabilities and needs 
and provide clear guidance to the budget planning process.
    We all know that the threats we face are real, and the 
decisions we make today will decide our security tomorrow. 
Right now we are making our decisions without a good road map.
    Mr. Chairman, I think we also need to ensure that the 
Department has a robust financial management system in place as 
provided for, in part, by the legislation that we are looking 
at today.
    Such financial systems can also assist the Department in 
developing specific performance goals and benchmarks that can 
be used to evaluate whether it is in fact achieving the high 
goals that we have set for it.
    And finally, Mr. Chairman, we must insist in the coming 
years that the Congress be provided with accurate, detailed 
budget information that it needs to carry out its oversight 
work. The Department's fiscal year 2005 request, which will 
arrive on our door step only about 4 months from now, must be 
sufficiently comprehensive to allow us to fully understand the 
required costs of homeland security. Such materials were not 
provided with last year's request.
    If we believe that information is lacking, we should ask 
the hard questions and take the necessary steps to ensure that 
we have what we need.
    Finally, Mr. Chairman, while great progress I think is 
being made, we know the task ahead will be difficult and much 
work remains to be done.
    I appreciate each of the witnesses who are with us today. I 
appreciate your commitment to the security of our country, and 
I thank you for being with us today.
    Thank you, Mr. Chairman.
    Chairman Cox. Mr. Gibbons, do you wish to be recognized for 
an opening statement?
    Mr. Gibbons. Mr. Chairman, in view of the importance of our 
witnesses' testimony today and the significance of which this 
committee views its interest in this subject, I am going to 
waive my opportunity to make an opening remark. I will submit 
them for the record at a later date. I want to thank you for 
your leadership on this issue and look forward to the testimony 
of the witnesses.
    Thank you.
    Chairman Cox. Does any member on the minority side wish to 
be recognized for purpose of an opening statement?
    Mr. Ethridge. Mr. Chairman, I will submit mine for the 
record and waive.
    Chairman Cox. Thank you. If not, we can jump right into the 
testimony of our witnesses. I will recognize you in turn. We 
will begin with Dr. Bruce M. Carnes, the Chief Financial 
Officer for the Department of Homeland Security. As we 
mentioned, we have your written submission, and you are free to 
summarize your testimony as you see fit.

    STATEMENT OF DR. BRUCE CARNES, CHIEF FINANCIAL OFFICER, 
                DEPARTMENT OF HOMELAND SECURITY

    Mr. Carnes. Thank you, Mr. Chairman. I will summarize my 
statement. Mr. Chairman, Mr. Turner, members of the select 
committee, I am delighted to be here to discuss our progress 
and the challenges in building financial management business 
and program evaluation processes at DHS.
    As the CFO at the Department of Homeland Security, I am 
committed to building financial policies, processes and systems 
that are a model for the Federal Government. Much has already 
been done in the few months that we have been in existence to 
bring the financial policies, processes and systems of 22 
disparate organizations into one department.
    In March, we successfully transferred more than $50 billion 
in assets, $36 billion in liabilities and 180,000 employees to 
the Department. Within a few weeks we created the financial 
structures and support systems necessary to support these 
transfers. We have also launched a consolidated bankcard 
program that will reduce the number of programs within the 
Department from 27 to 3, created an investment review board to 
evaluate acquisitions above $5 million.
    We are requiring certified project managers. We have 
development a joint requirements council. We have created an 
investment review board. We have initiated a 5-year budget and 
planning program; established a budget process modeled after 
DOD's POM process, program objectives memorandum process; 
launched a consolidated business and financial management 
systems program; and created a program analysis and evaluation 
organization.
    We are developing a future years homeland security program 
and a strategic plan. All of these activities have been 
accomplished by a handful of outstanding and dedicated staff 
that I am very fortunate to be in charge of, and my task is to 
get out of their way and let them do their jobs. They are doing 
them spectacularly.
    When we stood up, we inherited 22 disparate financial 
processes. We have consolidated them to nine, primarily by 
terminating memos of understanding with legacy agencies and 
shifting the workload to in-house financial support units. We 
are studying ways to streamline the financial processes used by 
DHS, with a goal of enhancing efficiency, reducing costs, and 
improving the quality of financial data.
    We have 83 financial management systems, few of which are 
integrated. Some are outdated, lack functionality and are 
expensive to operate and maintain. To tackle this problem, we 
have launched an aggressive problem to transform DHS's business 
and financial management policies, processes and systems.
    As part of this, we will develop and implement a 
departmental business and financial enterprise solution that 
results in a single suite of financial management systems for 
the Department. The objective of this program is to provide the 
business equivalent of a global positioning system for our 
operators and to provide CFO compliance and information for the 
Congress, the Treasury, and OMB and auditors.
    We are launching a comprehensive review of the finance and 
accounting operations of all DHS components. This will include 
an assessment of performance standards, business processes, 
workload requirements, systems capabilities, staffing 
requirements and productivity levels. It will provide 
recommendations for establishing department-wide performance 
standards, improved business processes, possible consolidations 
of operations and systems improvements. Action plans will be 
developed to implement those recommendations.
    Another challenge we face is preparing consolidated 
financial statements within the time frame established by OMB. 
This is a formidable challenge, but early on we decided that we 
needed to move aggressively to comply. We have submitted our 
interim statements to OMB on time, and we expect to have our 
fiscal year 2003 statements completed ahead of schedule.
    Part of the challenge that we face in preparing our 
statements is mitigating the impact of 18 inherited material 
weaknesses that were identified in audits of the agencies that 
became the Department of Homeland Security. I have directed the 
Department's components to establish corrective action plans 
for each of these material weaknesses. We have established a 
system to monitor the implementation of those action plans. And 
these components report to me on a quarterly basis on their 
progress against them.
    In addition, I am creating a unit within my organization to 
conduct internal audits, some of which will be focused on any 
material weakness that is not being corrected on schedule.
    A word, if my might, about H.R. 2886. As the CFO of DHS, I 
applaud the spirit with which H.R. 2886 was introduced. I agree 
that increased accountability is important and necessary, as 
demonstrated by the continuing rash of corporate accounting 
scandals. But I want to assure the committee that as the 
Department's CFO, I have the same duties and responsibilities 
as CFOs in other agencies, and I am held accountable for 
ensuring the Department's financial integrity in the same 
manner.
    The proposed legislation will not change the way I perform 
my job, nor will it give me any authority that I do not already 
have. Similarly the legislation will not change the 
requirements that the Department must comply with in accounting 
for its finances.
    Section 3 of the bill requires that the Department submit a 
performance and accountability report that incorporates a 
program performance report. We will include program performance 
information in our fiscal year 2003 performance and 
accountability report. But that section also requires that the 
Department's report include an audit opinion of our internal 
controls, beginning in fiscal year 2005.
    The bill mandates that the CFO Council and the President's 
Council on Integrity and Efficiency jointly conduct a study. An 
audit of internal controls could be costly and possibly 
redundant. The Department believes that the proposed study is 
necessary and that any decision to require DHS to audit its 
system of internal controls should await the outcome of that 
study.
    One of the principal things I did when I went to DHS was to 
create a PA&E organization. I spent a number of years in DOD. 
And when I went from DOD to Energy, I created such an 
organization. I have created one at DHS.
    We can get into its functions if you would like later on in 
the hearing, but it is one of the organizations within my shop 
of which I am most proud, and which is most essential to the 
development of our strategic plan and our future years homeland 
security program.
    Thank you, Mr. Chairman. I will be happy to take your 
questions.
    [The statement of Mr. Carnes follows:]

    Prepared Statement of Bruce M. Carnes, Chief Financial Officer, 
                    Department of Homeland Security

    Mr. Chairman, members of the Select Committee, I am pleased to be 
here to discuss our progress and challenges in building financial 
management, business and program evaluation processes at the Department 
of Homeland Security.
    DHS Financial Management and Program Evaluation Accomplishments and 
Goals The Department of Homeland Security was created to protect the 
American people by preventing terrorist attacks, reducing our 
vulnerability to attack, and minimizing the loss of life and speeding 
recovery should one occur. At the same time, the Administration saw the 
creation of the Department as an opportunity to build a model for 
management excellence by efficiently and effectively managing resources 
to deliver measurable results.
    As the Chief Financial Officer at the Department of Homeland 
Security, I am committed to fulfilling this vision by building 
financial policies, process and systems that are a model for the 
Federal government. Just as we have consolidated border and 
transportation security functions, merged response activities, 
integrated terrorist threat intelligence, and coordinated homeland 
security research and development efforts, I believe we must with equal 
vigor transform our business practices and systems.
    Since the Department was established, much has already been done to 
bring the financial policies, processes, and systems of 22 disparate 
organizations into one Department. In March 2003, we successfully 
transferred more than $50 billion in assets, $36 billion in 
liabilities, and more than 180,000 employees to the Department. Within 
a few weeks, we created the financial structures and support systems 
necessary to support these transfers. This was accomplished with only 
handful of staff--a remarkable achievement of which we are proud.
    We have also launched a consolidated bankcard program that will 
reduce the number of programs within the Department from 27 to three, 
created an investment review board to evaluate acquisitions above $5 
million, initiated a five-year budget and planning program, established 
a budget process modeled after the Department of Defense's Program 
Objectives Memorandum process, launched a consolidated business and 
financial management systems program, and created a Program Analysis 
and Evaluation organization charged with leading the Department's 
program evaluation effort and ensuring compliance with performance and 
accountability requirements.
    Our success in these areas has laid a solid foundation for our 
efforts to become a model of excellence in Federal financial 
management; however, much remains to be done. As we move forward, using 
the President's Management Agenda as our guide, we seek to:
         increase efficiency and effectiveness by producing 
        financial data that is timely, reliable, and useful to decision 
        makers;
         strengthen accountability by ensuring that internal 
        controls are in place across the Department and appropriate 
        oversight reviews are conducted;
         significantly reduce costs by consolidating functions, 
        systems, and processes and by instituting best business 
        practices; and .
         achieve results through the use of rigorous planning, 
        measurement and evaluation processes.
These goals are ambitious and we face significant challenges in 
achieving them.

DHS Financial Management Challenges and Solutions
    Consolidating the Department's 22 Financial Processes. Currently, 
the Department has 22 disparate financial processes. Several of these 
were established through memorandums of understanding with the 
Department's legacy agencies. Using these processes helped ensure 
sufficient financial support services were available when the 
Department was first established. However, they are labor-intensive and 
cumbersome to manage. Beginning October 1, 2003, we consolidated the 
number of processes from 22 to 10--primarily by terminating the 
memorandums of understanding with legacy agencies and by shifting the 
workload to in-house financial support service units.
    This is only a good start. In FY 2004, we will consider options to 
further streamline the financial processes used by the Department with 
the goal of enhancing efficiency, reducing costs, and improving the 
quality of financial data.

    Multiple and Redundant Financial Systems. The Department has 83 
financial management systems, few of which are integrated. Some are 
outdated, lack functionality, and are expensive to operate and 
maintain. To tackle this problem, we have launched an aggressive 
program to transform the Department's business and financial management 
policies, processes, and systems.
    As part of this initiative, we will develop and implement a 
departmental business and financial enterprise solution that results in 
a single suite of financial management systems for the Department. The 
objective of the program is to provide the business equivalent of a 
Global Position System that will:
     Provide decision-makers with the business information 
(e.g., budget, accounting, personnel, procurement, travel) they need in 
near real-time;
     Improve data quality and timeliness;
     Provide required information to our stakeholders, 
including the Office of Management and Budget, the Congress, the 
General Accounting Office, our Inspector General, and the public; and
     Help the Department obtain a clean opinion on our 
financial statements.
    This program will have a major impact on the way the Department 
manages its business and financial operations and will result in the 
Department's becoming more efficient and effective by eliminating 
redundant systems and consolidating functions. Developing and 
implementing the envisioned suite of systems will require a substantial 
up-front investment; however, once implemented, we anticipate that this 
program will produce significant cost savings.

    Lack of Standard Business Practices. Just as the Department has 
multiple financial systems and processes, we have multiple business 
practices for managing our financial operations. While some diversity 
is desirable to ensure that innovation thrives and best practices 
emerge, some standardization is also necessary.
    Thus, we are launching a comprehensive review of the finance and 
accounting operations of all Department of Homeland Security 
components. The review will include an assessment of performance 
standards, business processes, workload requirements, systems 
capabilities, staffing requirements, and productivity levels. The 
review will also provide recommendations for establishing department-
wide performance standards, improved business process, possible 
consolidations, and systems improvements. Action plans will be 
developed to implement recommendations. We anticipate that the 
Department will begin to realize cost savings from implementing the 
recommendations as early as FY 2005.

    Challenges Relating to Coordination and Communication. In any 
organization as large as the Department of Homeland Security, 
communication and coordination can be a challenge. To tackle this 
problem, early in my tenure I established a departmental Chief 
Financial Officer's Council, which I chair, and whose members include 
the budget and finance directors from the Department's components. The 
Council has been instrumental in sharing information and priorities and 
for discussing the problems confronting the components.
    While the Council has been effective in providing direction to the 
budget and finance officers, the fact remains that they are part of a 
different command structure. While this has not been detrimental to 
accomplishing the initiatives that we have pursued thus far, as we 
begin to make the sweeping changes needed to become a model for 
financial management excellence, working within the current structure 
could become a greater challenge.

    Preparing Consolidated Financial Statements. Another challenge we 
face is preparing consolidated financial statements within the 
timeframe established by the Office of Management and Budget. Although 
this is a formidable challenge, we decided early on that the Department 
needed to move aggressively to meet the requirements of OMB Bulletin-
01-09, as amended, which requires agencies to prepare financial 
statements. We have submitted our interim statements to OMB on time and 
expect to meet OMB's due date for the final audited statement.
    Part of the challenge that we face in preparing our statements is 
mitigating the impact of 18 inherited material weaknesses that were 
identified in prior-year audits at the Department's legacy agencies. To 
tackle this problem, I directed the Department's components to 
establish corrective action plans for each material weakness. I also 
established a system to monitor implementation in which the components 
report to me on a quarterly basis on their progress in correcting their 
material weaknesses. In addition, I am creating a unit within my 
organization to conduct internal audits, some of which will be focused 
on any material weaknesses that are not being corrected on schedule. 
Through these processes, I believe that we will make significant 
progress in reducing the number of material weaknesses and ultimately 
eliminate them.

H.R. 2886 ``Department of Homeland Security Financial Accountability 
Act''
    As the CFO of the Department of Homeland Security, I applaud the 
spirit with which H.R. 2886, ``Department of Homeland Security 
Financial Accountability Act'', was introduced. I agree with the bill's 
sponsor, Congressman Platts, that increased accountability is important 
and necessary as demonstrated by the continuing rash of corporate 
accounting scandals.
    While I agree with the overarching goal that H.R. 2886 seeks to 
accomplish, I believe that legislation may not be necessary. Section 2 
of the bill proposes to subject the Department to the same financial 
management and accountability requirements as all other cabinet-level 
departments. It also proposes to change the status of the Chief 
Financial Officer from a presidential appointee reporting to an under 
secretary to a presidential appointee subject to Senate confirmation 
reporting to the Secretary.
    As the Department's CFO, I have the same duties and 
responsibilities as CFOs in other agencies and am held accountable for 
ensuring the Department's financial integrity in the same manner. The 
proposed legislation will not change the way I perform my job nor will 
it give me any authority that I do not already have. Similarly, the 
legislation will not change the requirements the Department must comply 
with in accounting for its finances. The Department complies with the 
provisions of the Chief Financial Officers Act of 1990 and will 
continue to do so.
    Section 3 of the bill requires that the Department submit a 
performance and accountability report that incorporates a program 
performance report. The Department will include program performance 
information in its FY 2003 performance and accountability report.
    Also included in Section 3 is a provision that would require that 
the Department's performance and accountability report to include an 
audit opinion of the Department's internal controls over its financial 
reporting beginning in FY 2005. In addition, the bill mandates that the 
Chief Financial Officers Council and President's Council on Integrity 
and Efficiency jointly conduct a study of the potential costs and 
benefits of requiring agencies to obtain audit opinions of their 
internal controls over their financial reporting.
    An audit of internal controls would be costly and very possibly 
redundant. The Department believes that the proposed study is necessary 
and that any decision to require the Department to audit its system of 
internal controls should await the results of the study.
    Again, I support the intent of the proposed legislation. Should 
H.R. 2886 ultimately be enacted, the Department would look forward to 
working closely with the Congress on this important Issue.

Program Analysis and Evaluation
    One of the first actions I took as the Department's Chief Financial 
Officer was to establish a Program Analysis and Evaluation (PA&E) 
Office and to recruit a highly experienced director to the lead 
organization. PA&E's primary responsibilities include:
     designing and managing the Department's Planning, 
Programming and Budgeting System;
     managing the development of the Future Years Homeland 
Security Program;
     coordinating the development of the Department's strategic 
plan;
     ensuring the Department meets performance-based budgeting 
requirements;
     managing the Department's Investment Review Process; and
     preparing the Department's Annual Performance Plan and the 
program and performance section of the annual Performance and 
Accountability Report.
    The Department has made significant progress in each of these 
areas. We expect to issue a directive on the Department's new Planning, 
Programming and Budgeting System (PPBS) within the next month. The PPBS 
is being modeled after the Department of Defense's system and will 
include as an integral component guidance for establishing goals and 
performance measures which reflect program missions and assess desired 
outcomes. The PPBS will be the basis for developing the Department's 
first Future Years Homeland Security Program, which will be submitted 
to Congress in accordance with the provisions of the Homeland Security 
Act. We have made substantial progress on the Department's first 
strategic plan and expect to transmit a draft to Congress for review in 
early November. In the area of investment review, since May 2003, our 
Investment Review Board has evaluated approximately ten percent of the 
Department's major acquisitions (over $50 million) and will increase 
its efforts over the coming months. Under the leadership of the Deputy 
Secretary, the Department launched a comprehensive effort to develop 
measures of effectiveness to help assess performance and make more 
informed resource allocation and budget decisions. Finally, we are on 
track to issue on time the Department's first Annual Performance Plan, 
which will include rigorous performance measures for each of the 
Department's organizational elements. We will also publish the 
Department's first Performance and Accountability Report in January 
2004.
    We believe that through these initiatives we are taking the steps 
necessary to help improve performance, increase accountability and 
achieve the Department's mission.

Closing
    In closing, I want to assure this committee that the Department of 
Homeland Security is advancing as rapidly yet judiciously toward our 
goal of becoming a model for management excellence. In the coming 
months, we will move aggressively to implement the plans that I have 
described for consolidation, streamlining, and increasing 
accountability. We will also announce further plans to help us reach 
these goals.
    We look forward to working with the Congress as we progress with 
our plans and will seek your continued support as we move forward.

    Chairman Cox. Thank you. Our next witness is J. Richard 
Berman, Assistant Inspector General for Audits at the 
Department of Homeland Security.

STATEMENT OF J. RICHARD BERMAN, ASSISTANT INSPECTOR GENERAL FOR 
            AUDITS, DEPARTMENT OF HOMELAND SECURITY

    Mr. Berman. Chairman Cox, Ranking Member Turner, and 
members of the committee. Thank you for the opportunity to be 
here today to discuss financial management and program 
evaluation at the Department of Homeland Security and H.R. 
2886.
    On March 1, 2003, DHS was created by consolidating 22 
domestic agencies to better protect the Nation against threats 
to the homeland. Each of the component agencies brought to DHS 
its distinct business processes as well as financial 
weaknesses. This presents DHS with significant challenges in 
integrating financial operations, creating a common 
infrastructure and developing goals, objectives and meaningful 
performance measures to guide and track progress.
    Measures of effectiveness are critical to the process of 
evaluating the degree of success of department programs and 
operations, and making more informed resource allocation and 
budget decisions.
    OIG will use the Department's goals and performance 
measures, as well as the President's management agenda in 
shaping its own work plans and priorities and will verify and 
validate program performance data as part of its audits and 
inspections.
    In the area of financial systems and reporting, DHS must 
integrate and establish effective controls over the financial 
systems and operations of the incoming components, including 
correcting the weaknesses that it has inherited.
    While some components, such as INS, have received 
unqualified audit opinions on their financial statements, they 
expended significant human resources and costs to prepare 
financial statements because of their inadequate financial 
systems and weaknesses in control.
    DHS inherited a total of 18 material weaknesses identified 
in prior year financial statement audits at the legacy 
agencies, and we will be assessing these material weaknesses as 
part of our 2003 financial statement audit.
    Information systems are another key area that DHS must 
address in order to establish sound financial management and 
business processes. This is an area in which opportunities 
abound to achieve greater economy and efficiency.
    To meet these challenges DHS will need to build a unified 
financial management structure capable of supporting both 
efficient financial statement preparation and reliable, timely 
financial information for managing DHS's current operations, 
including information to support performance-based budgeting.
    Grants and contracts management are also major areas of 
concern. DHS awards over $7 billion annually in grants under 
its emergency preparedness and disaster assistance grant 
programs, which were absorbed primarily from FEMA and the 
Department of Justice.
    Previous FEMA and Justice OIG reports identified 
significant shortcomings in the preaward process, cash 
management, monitoring and grant closeout processes in the 
emergency preparedness programs.
    Further, these programs have redundant or similar features, 
such as emergency planning, training, and equipment purchases 
and upgrades for State and local emergency personnel, and 
meaningful performance measures are desperately needed in these 
areas.
    Additionally, FEMA's OIG found that FEMA had ineffective 
performance and financial oversight over disaster assistance 
grants. This, in turn, enabled grant recipients and subgrantees 
to misuse millions of dollars in Federal funds. In the 7 months 
since our office was created, we have reported about $40 
million in questioned grant expenditures. A sound grants 
management program is needed, one that complies with Federal 
requirements and that includes effective monitoring of and 
assistance to States and other grantees.
    Similarly, DHS absorbed billions of dollars in contracts 
from the component agencies that were awarded under differing 
procedures and circumstances. DHS must integrate the 
procurement functions of the legacy agencies, some lacking 
important management controls. For example, at TSA, where 
contracts totaled $8.5 billion at the end of 2002, the 
Department of transportation OIG found that procurements were 
made in an environment where there was no preexisting 
infrastructure for overseeing contracts. TSA had to rely 
extensively on contractors to support its mission, leading to 
tremendous growth in contract costs. We are continuing to 
examine these contracts.
    Other DHS components also have complex, high cost 
procurement programs underway that we are or will be examining.
    Early attention by DHS to strong systems controls for 
acquisition and related business processes will be critical, 
both to ensuring success of the programs and to maintaining 
integrity and accountability.
    With regard to H.R. 2886, OIG has several comments. First, 
the bill waives the financial statement audit requirement for 
fiscal year 2003. The amended version offered by the House 
Subcommittee on Government Efficiency and Financial Management 
dropped this provision and we support that change. With respect 
to the proposed requirement for an opinion on DHS's internal 
controls in fiscal year 2004, the OIG believes such a 
requirement will be beneficial, but that it is not practical to 
perform such an audit of internal controls in that year.
    The amended version extends the deadline to fiscal year 
2005, and OIG supports that change for the reasons outlined in 
my prepared statement. The amended version also includes a 
requirement to study the costs and benefits of issuing an 
opinion on internal controls. We support this requirement as 
well.
    We believe the cost for such an opinion could be 
substantial--by one estimate, a 35 percent increase in total 
audit costs. And funds have yet to be provided for even the 
overall financial statement audit, which we estimate will cost 
about $11 million, and that is without an opinion on internal 
controls.
    Mr. Chairman, this concludes my remarks. I would be happy 
to answer any questions you may have.
    [The statement of Mr. Berman follows:]

                Prepared Statement of J. Richard Berman

    Mr. Chairman and Members of the Committee:
    Thank you for the opportunity to be here today to discuss financial 
management and program evaluation at the Department of Homeland 
Security (DHS).
    On March 1,2003, DHS was created by consolidating 22 disparate 
domestic agencies to better protect the nation against threats to the 
homeland. In order for DHS to accomplish its multiple missions, it has 
organized most of these 22 agencies into four major directorates. The 
Border and Transportation Security Directorate, which maintains the 
security of our nations' borders and transportation systems, is the 
largest and consists of several legacy agencies, including the 
Transportation Security Administration (TSA), the U.S. Customs Service, 
the Office of Domestic Preparedness (ODP), and law enforcement 
functions, such as the Border Patrol, of the Immigration and 
Naturalization Service (INS). The Emergency Preparedness and Response 
Directorate is primarily the former Federal Emergency and Management 
Agency (FEMA), and ensures that our nation is able to recover from 
terrorist attacks and natural disasters.
    Smaller agencies were incorporated into the above directorates as 
well as into the Science and Technology and Information Analysis and 
Infrastructure Protection Directorates. Additionally, the Coast Guard 
and Secret Service retained their distinct identities within DHS. The 
newly created Bureau of Citizenship and Immigration Services will 
assume the responsibility for immigration services from the former INS. 
Providing the infrastructure to hold the department together is the 
Management Directorate, which is responsible for budget, management, 
and personnel activities.
    Each of the component agencies brought to DHS its distinct business 
processes, which presents DHS with challenges in integrating 
operations, creating a common infrastructure, and developing goals, 
objectives and meaningful performance measures to guide and track 
progress. All of these challenges impact financial management at DHS.
    Financial management in the federal government revolves around 
requirements found in several laws, including the Federal Managers 
Financial Integrity Act, the Chief Financial Officers Act, the Federal 
Financial Management Improvement Act (FMFIA), and the Government 
Performance and Results Act. Agencies must ensure that: (1) government 
obligations and costs are lawful; (2) funds, property, and other assets 
are safeguarded; (3) reliable, timely, and useful information is 
available to make fully informed decisions and to provide 
accountability; and (4) performance is measured.
    Following is an overview of the major financial management 
challenges facing DHS, along with the steps we believe are needed to 
address these challenges and establish sound financial management and 
business processes at DHS. We also provide substantive comments on H.R. 
2886, The Department of Homeland Security Financial Accountability Act, 
including the amended version offered by the Subcommittee on Government 
Efficiency and Financial Management.

OVERVIEW OF FINANCIAL MANAGEMENT CHALLENGES AND SOLUTIONS

Financial Systems and Reporting
    DHS must integrate and establish effective controls over the 
financial systems and operations of the incoming components, many of 
which bring with them longstanding weaknesses in need of correction. 
DHS inherited a total of 18 material weaknesses identified in prior 
year financial statement audits at the legacy agencies. I have included 
a list and brief description of these weaknesses as an appendix to my 
statement. We will be assessing these material weaknesses, and the need 
to retain or add to them, as part of our FY 2003 financial statement 
audit.
    Correcting such weaknesses presents a major challenge. For example, 
some components, such as INS,\1\ have received unqualified audit 
opinions on their financial statements, but expended tremendous human 
resources and costs to prepare their financial statements, and 
weaknesses existed in financial systems and controls. In the past, INS 
has halted normal business operations for up to two weeks each year in 
order to conduct manual counts of millions of applications in order to 
calculate earned revenue figures for its annual financial statements. 
Poor systems were a major cause of these costly efforts.
---------------------------------------------------------------------------
    \1\ Within DHS, INS has been broken apart and joined with the 
Bureau of Customs and Border Protection and the Bureau of Immigration 
and Customs Enforcement. Another part formed the Bureau for Citizenship 
and Immigration Services.
---------------------------------------------------------------------------
    While combining the 22 entities and their myriad financial systems 
and processes pose complex challenges, opportunities abound to achieve 
greater economy and efficiency. Information systems are a key issue 
that DHS must address in order to establish sound financial management 
and business processes. Many of the smaller agencies that came into DHS 
are still supported by their legacy agency systems and will need to 
migrate to a DHS platform. The larger agencies brought their own 
processing capability, but several of these systems have material 
weaknesses involving system functionality and security. Overall, DHS 
reports over 80 financial management systems, few of which are 
integrated.
    To meet these challenges, DHS will need to build a unified 
financial management structure, including integrated and compliant 
systems as well as consistent policies and procedures. These systems 
must support not only efficient financial statement preparation; they 
must provide reliable and timely financial information for managing 
DHS' current operations, too. A key factor will be the sustained 
commitment of top DHS leadership, which the Chief Financial Officer 
(CFO) already has demonstrated. The CFO meets regularly with financial 
officers and staff from DHS components and legacy agencies that still 
provide accounting support to discuss the continuing transition and 
current DHS-wide financial management issues. Further, the CFO has 
formed a group to develop financial system requirements for the agency 
in coordination with the Office of the Chief Information Officer.

Grants Management
    DHS awards over $7 billion annually in grants under its emergency 
preparedness and disaster assistance grants programs.
    DHS absorbed three major emergency preparedness grant programs from 
FEMA and the Department of Justice (DOJ): the First Responder Program--
$3.2 billion; the Assistance to Firefighters Grant Program--$750 
million; and the Emergency Management Performance Grant Program--$165 
million. DHS also absorbed about $450 million in miscellaneous 
emergency preparedness grant programs. Previous FEMA and DOJ Office of 
Inspector General (OIG) reports identified significant shortcomings in 
the pre-award process, cash management, monitoring, and grant closeout 
processes. Each of these programs has redundant or similar features 
such as emergency planning, training, and equipment purchases and 
upgrades for state and local emergency personnel. Furthermore, program 
managers need to develop meaningful performance measures related to the 
degree to which the DHS grant programs have enhanced state and local 
capabilities to respond to terrorist attacks and natural disasters.
    Another complication is that these programs have been divided 
between two separate DHS directorates. Preparedness for terrorism was 
placed in the Border and Transportation Security Directorate, while 
other preparedness efforts are located in the Emergency Preparedness 
and Response Directorate. This bifurcation creates additional 
challenges related to interdepartmental coordination, performance 
accountability, and fiscal accountability. On September 2, however, DHS 
Secretary Ridge announced that soon he will be sending to Congress a 
plan centralizing these programs within a single office.
    Additionally, DHS absorbed about $2.8 billion in disaster 
assistance grant programs from FEMA. FEMA's OIG found that it had 
ineffective performance and financial oversight for these grants, which 
in turn enabled grant recipients and subgrantees to misuse millions of 
dollars in federal funds. Grant recipients' problems with financial 
management, procurement, and sub grant monitoring are long standing. 
Between 1993 and 2000, for example, auditors questioned the use of 
funds totaling nearly $900 million dollars. An assessment of mitigation 
grants awarded between 1989 and 1998 disclosed that half of the $2.6 
billion in grant awards was never spent. FEMA's OIG found recurring 
grant management problems at the state level, too. Often states did not 
monitor or accurately report on sub grant financial and performance 
activities. They did not always make payments or close out projects in 
a timely manner. Their financial status reports to FEMA were often 
incorrect or past due. And, they did not always maintain adequate 
documentation supporting their share of disaster costs and other 
financial requirements. The OIG found that FEMA seldom used its 
enforcement power to compel grantees to fix problems, even when the 
grantees had long histories of noncompliance. Finally, the DIG cited 
FEMA's debris removal program for its susceptibility to serious fraud, 
waste, and abuse.
A sound grants management program to remedy these concerns must 
include:
         A comprehensive grants management system that complies 
        with grant financial systems requirements issued by the Joint 
        Financial Management Improvement Program. In addition, DHS must 
        ensure compliance with the Federal Financial Assistance 
        Management Improvement Act of 1999, which requires use of 
        electronic application and reporting by grantees via the 
        Internet.
         Effective monitoring of and assistance to states and 
        other grantees in all phases of the grants management life 
        cycle from award to closeout. Grant closeouts and required 
        audits should be within established time periods, and 
        extensions must be adequately justified, approved, and 
        documented.
         Adequate training and supervision of the grants 
        management workforce.
         Meaningful performance goals and measures of 
        effectiveness.

Contract Management
    DHS also absorbed billions of dollars in contracts from the 
component agencies that were awarded under differing procedures and 
circumstances. DHS must integrate the procurement functions of several 
legacy agencies, some lacking important management controls. The 
General Accounting Office (GAD), for example, reported that Customs had 
not established process controls for determining whether acquired 
software products and services satisfied contract requirements before 
acceptance, nor established related controls for effective and 
efficient transfer of acquired software products to the support 
organization responsible for software maintenance. At TSA, where 
contracts totaled $8.5 billion at the end of calendar year 2002, the 
Department of Transportation OIG found that procurements were made in 
an environment where there was no pre-existing infrastructure for 
overseeing contracts. TSA had to rely extensively on contractors to 
support its mission, leading to tremendous growth in contract costs. A 
review by TSA of one subcontractor involved with hiring airport 
screeners found that, out of $18 million in expenses, between $6 
million and $9 million appeared to be attributed to wasteful and 
abusive spending practices. Our office is currently reviewing several 
of the TSA contracts including a detailed audit of the screener 
contract, in conjunction with the Defense Contract Audit Agency.
    Also, some DHS components have large, complex, high-cost 
procurement programs under way that need to be closely managed. For 
example, Customs' Automated Commercial Environment project will cost $5 
billion, and Coast Guard's Deepwater Capability Replacement Project 
will cost $17 billion and take more than twenty years to complete. 
Further, some contracts, regardless of their earlier merits, may need 
to be revised or may no longer be necessary to accomplish DHS's 
mission.
    Early attention to strong systems and controls for acquisition and 
related business processes will be critical both to ensuring success 
and maintaining integrity and accountability. Steps would include:
         Establishing an overall acquisition strategy for 
        modernization of legacy program and financial systems.
         Reviewing all contracts transferring to DHS to ensure 
        they are relevant to the agency's mission and--particularly for 
        systems development contracts--will not be affected by, or 
        conflict with, DHS system integration efforts.
         Ensuring that contracting officers and their 
        representatives are properly warranted, trained, and 
        supervised, and that they maintain proper documentation in 
        contract files.
         Establishing a robust and effective contract 
        management and oversight function.
         Establishing effective systems and controls for 
        managing purchase and travel cards.

Improper Payments
    The Improper Payments Information Act of 2002 requires agencies to 
review all programs and activities they administer annually and 
identify those that may be susceptible to significant erroneous 
payments. Where the risk of erroneous payments is significant, agencies 
are to estimate the annual amount of erroneous payments and report the 
estimates to the President and Congress with a progress report on 
actions to reduce erroneous payments.
    Since DHS must comply with this Act in FY 2004, we will be 
performing limited procedures during the FY 2003 financial statement 
audit to assess the agency's readiness to meet the reporting 
requirement.

Performance Reporting/Program Analysis and Evaluation
    Appropriate plans (including workforce plans), goals, objectives 
and meaningful performance measures must be established as soon as 
possible, and is a challenge for any agency. DHS has implemented a 
comprehensive Measures of Effectiveness project under which such 
measures will be established through a top-down process based on the 
DHS strategic goals. We commend the agency for this effort.
    Measures of effectiveness are critical to the process of evaluating 
the degree of success of department programs and operations, and making 
more informed resource allocations and budget decisions. DIG will use 
the department's goals, as well as the President's management 
initiatives, in shaping its own work plans and priorities, and will 
verify and validate the department's performance data as part of its 
audits and inspections.

                         COMMENTS ON H.R. 2886

Presidential Appointment and Senate Confirmation of DHS CFO
    H.R. 2886 would amend U.S.C. 31 to include DHS as one of the 
cabinet level agencies required to have CFOs appointed by the president 
and confirmed by the Senate. As a result of this amendment, the DHS CFO 
would also report directly to the Secretary of DHS rather than to the 
Under Secretary for Management, as is now the case.
    The OIG has no position on this change. As a general rule, we 
believe that making high-level presidential appointees subject to 
Senate confirmation is conducive to making such an official fully 
accountable to the Administration and the Congress. On the other hand, 
the absence of such confirmation does not necessarily mean that the CFO 
can-not be held accountable. Our primary interest is that the CFO 
commit to full compliance with the CFO Act, the Federal Financial 
Management Improvement Act, and all other applicable statutory 
requirements and general good business practices, and this CFO has done 
that.

Financial Statement Waiver
    H.R. 2886 waived the requirement for a financial statement audit of 
DHS until FY 2004. The amended version deleted this language, a change 
that the OIG supported. Completion of a FY 2003 financial statement 
audit for DHS is important for several reasons. Effective in FY 2004, 
OMB accelerated the reporting deadlines for Performance and 
Accountability reports, including audited financial statements, to 
November 15, 2004. It is unlikely that our office could complete its FY 
2004 audit of DHS' financial statements by that date, without at least 
one year's prior experience, given the short history of DHS and the 
scale and complexity of its programs and operations. Further, the lack 
of an audit this year and possible audit timing problems next year 
could negatively affect GAO's government-wide financial statement audit 
by increasing the risk of DHS receiving a disclaimer or a qualified 
opinion.
    We believe emphatically that financial accountability for DHS 
should not be postponed. Its newness, size, and complexity strongly 
argue for more oversight, not less. GAD has designated the 
establishment and operation of DHS as a ``high-risk'' area. An audit of 
DHS' financial statements is a key oversight mechanism. Not only do 
audited financial statements provide insight into the reliability of 
financial reporting, the audit report itself provides details on 
internal control weaknesses and non-compliance that put financial 
reporting and safekeeping of assets at risk. We strongly believe that 
this information should be reported sooner rather than later so that no 
time is lost in charting and implementing corrective actions.
    The CFO of DHS is working diligently to have auditable financial 
statements for FY 2003 by November 15. Our audit is well underway and 
we plan to complete the audit by January 31, 2004.

Opinion on Internal Controls over Financial Reporting
    H.R. 2886 required that beginning in FY 2004 DHS include in its 
performance and accountability report an audit opinion on the 
department's internal controls over its financial reporting. The 
amended version requires DHS to include management's assertion on 
internal controls in the FY 2004 report but defers the audit opinion on 
internal controls until FY 2005.
    The OIG believes that a requirement for an opinion on internal 
controls would be beneficial in concept, but it is not practical to 
render an opinion on internal controls in FY 2004 for several reasons. 
Deferral of this requirement to FY 2005 would allow time for the 
related auditing standards and procedures, and the related costs, to be 
more properly considered.
    Fundamental to rendering an opinion on internal control, under 
attestation standards currently proposed by the American Institute of 
Certified Public Accountants (AICPA), is ``management's assertion'' on 
controls over financial reporting. Management must provide the auditor 
an assertion that significant controls over financial reporting exist 
and are designed and operating effectively during the period under 
review. In order for management to reasonably make this assertion, it 
must make an assessment of those controls including an evaluation of 
control effectiveness using suitable criteria, such as the GAO's 
Standards for Internal Control in the Federal Government, and support 
the evaluation with sufficient evidence such as testing.Management's 
assessment of internal controls under the AICPA guidelines would be an 
extensive, time consuming process requiring sufficient lead time to 
institute. The need for management to first assess and test controls 
contributed to a one year deferral of the requirement for publicly held 
companies to have an independent audit of internal control, pursuant to 
the Sarbanes-Oxley Act of 2002.
    Further, DHS's situation is significantly more complex, with its 
inception occurring this year, compared to that of a publicly held 
company that has established processes, financial systems, and the 
general infrastructure to support the extensive effort required before 
an audit of internal controls can be performed.
    Finally, with the advent of Sarbanes-Oxley, changes are occurring 
in the auditing profession. Although Sarbanes-Oxley applies only to 
public companies, it could have an impact on auditing standards for 
other entities too, including government agencies. The Auditing 
Standards Board (ASB) of the AICPA in June 2003 submitted to the new 
Public Company Accounting Oversight Board (PCOAB) \2\ its recommended 
new, significantly expanded attestation standard for reporting on 
internal control over financial reporting. In the submission letter, 
the AICP A said it believed the proposed standard should apply to all 
engagements and not just to public companies.
---------------------------------------------------------------------------
    \2\ The PCOAB has jurisdiction over auditing standards for public 
companies covered by Sarbanes-Oxley.
---------------------------------------------------------------------------
    It should be noted that the intent behind the requirement to opine 
on internal controls over financial reporting is similar to the intent 
behind FMFIA, although FMFIA has involved a far less rigorous process. 
Consideration should be given to combining these requirements when 
deliberating the proposed internal control reporting requirements.
    Even without an opinion on internal controls, our financial 
statement audit report will identify material weaknesses and other 
reportable conditions related to financial reporting. For example, DHS 
financial statement auditors for FY 2003 will consider internal 
controls related to financial reporting for grants, procurement, 
property and equipment, inventory, budgetary reporting, liabilities, 
and many other categories.
    We believe there would be significant additional cost to render an 
opinion on internal controls. The size of this increment would depend 
on the extent of evaluation and testing performed by DHS and the audit 
approach for the financial statements. In the private sector, one 
survey found that the cost of complying with the internal control 
reporting requirements of Sarbanes-Oxley would increase the average 
audit cost by 35 percent. This might be on the low-end for DHS because 
of its newness and complexity. Further, there will likely be 
significant costs associated with management's assessment of internal 
controls, which, as explained above, would be a prerequisite for the 
audit.
    We believe that rendering opinions on internal controls over 
financial reporting at agencies could be beneficial by identifying 
additional weaknesses, and focusing attention on the state of financial 
management in the government. The terminology of a clean opinion versus 
a qualified opinion or disclaimer provides a ranking system that is 
easy to grasp. The downside is the additional cost to fund agency 
preparations and the audit itself.

    Study of Potential Costs and Benefits of Audit Opinions on Internal 
Control
    The amended version of H.R. 2886 requires that the CFO Council and 
the President's Council on Integrity and Efficiency jointly conduct a 
study of the potential costs and benefits of requiring agencies to 
obtain audit opinions of internal controls over their financial 
reporting. We endorse this provision.
    We believe the costs, as discussed above, could be substantial. 
Therefore, it is worth examining the issue to ensure that the most 
efficient and effective audit procedures can be adopted and that the 
costs are in line with the benefits. We assume the study will include 
such an examination.

CONCLUSION
    Mr. Chairman, this concludes my prepared statement. I have tried to 
limit my remarks to the areas of greatest concern and your specific 
questions. Please be assured that our office will continue to place a 
high priority on these issues. Again, I appreciate your time and 
attention and welcome any questions you or members of the Committee 
might have.

                                Appendix

 To the Statement of J. Richard Berman Assistant Inspector General for 
              Audits U.S. Department of Homeland Security

                     Summary of Material Weaknesses

             Related to FY 2002 Financial Statement Audits

                  Federal Emergency Management Agency

1. Information security controls for FEMA's financial systems 
environment need improvement.
        Deficiencies existed in the areas of security program planning, 
        training and awareness, background investigations, system 
        certification and accreditation, technical vulnerabilities, 
        terminations, service providers, and wireless communications.

2. FEMA's financial system functionality needs significant improvement.
        Functionality deficiencies included: (1) inadequate accounting 
        functionality in the property management system, (2) 
        inefficient payroll processing, (3) no managerial cost 
        accounting system, (4) interface problems with the HHS' funds 
        disbursement system, and (5) inaccurate vendor table data 
        leading to inefficiencies.

3. FEMA must improve its financial reporting process.
        Deficiencies in FEMA's financial reporting process included: 
        (1) significant delays in preparing financial statements, (2) 
        unfinalized standard operating procedures for statement 
        preparation, (3) lack of an integrated financial reporting 
        process, (4) untimely close-outs for interagency agreements, 
        (5) notable adjustments related to de-obligations, expense 
        accruals, and the recording of disbursements as advances, and 
        (6) inconsistent treatment of three unusual contingent 
        appropriations.

4. FEMA must improve its real and personal property system processes.
        FEMA lacked a property management system that met its 
        accounting needs. The system only tracked equipment, not other 
        types of property. The system changed acquisition dates for 
        equipment upon transfer and did not link the location of 
        equipment to the accounting records. FEMA did not have 
        procedures to ensure proper property inventories or to ensure 
        the consistent recording of equipment on either a system or 
        component basis. Processes to identify, value, and track 
        construction in progress and deferred maintenance were not 
        fully implemented.

5. FEMA must improve its account reconciliation processes.
        Reconciliation deficiencies were noted in the areas of accounts 
        payable, unliquidated obligations, fund balance with Treasury, 
        the suspense fund, reimbursable activity, and intragovernmental 
        balances. Deficiencies were related to timeliness, procedures, 
        documentation, or consistency.

6. FEMA must improve its accounts receivable processes.
        FEMA needed to improve its billing timeliness for certain 
        accounts, although it had made progress during the year.

Immigration and Naturalization Service
1. INS' information system controls need improvement.
        Deficiencies existed in the areas of access controls, audit 
        trails, back-up procedures, change controls, and system 
        software controls.

2. INS' existing systems are not adequate to record revenue 
transactions in accordance with federal standards.
        The INS did not have a reliable system that could provide 
        regular, timely data on the number and value of immigration 
        applications and petitions received, completed, and pending. 
        This information was necessary to support general ledger 
        entries required for recording fee revenues that were earned 
        when the related applications were completed. Instead, the INS 
        recorded earned revenue in its general ledger when the fees 
        were received.

3. INS' processes for financial accounting and reporting need 
improvement.
        Due to limitations in the design and operation of its legacy 
        financial accounting system, INS did not maintain integrated 
        perpetual general ledger records for many key accrual balances. 
        Instead, the INS used stand-alone systems and performed limited 
        general ledger updates, or it obtained the required balances 
        through manual processes and data calls and recorded ``on-top'' 
        adjustments as part of the financial statement preparation 
        process. Additionally, the INS did not perform monthly, or at a 
        minimum, quarterly reconciliations of certain major account 
        balances.

Transportation Security Administration
1. Hiring qualified personnel
        TSA had not hired sufficient accounting personnel for the 
        Financial Reporting office. At the end of fieldwork, the 
        vacancy rate in the CFO's financial management structure was 50 
        percent.

2. Financial reporting and systems
        Personnel separations from TSA were not processed on a timely 
        basis in the personnel system. Other deficiencies existed in 
        the areas of access controls, security plans, and risk 
        assessments.

3. Property accounting and financial reporting
        TSA did not maintain complete and accurate records of its 
        passenger and baggage screening equipment, and an adjustment of 
        approximately $149 million was required to properly record 
        construction in progress.

4. Policies and procedures
        TSA did not have written accounting policies and procedures to 
        support TSA's financial management and budgeting functions. 
        Such policies and procedures might have prevented the following 
        deficiencies:
        a. An adjustment of approximately $1.0 billion to accrue 
        accounts payable properly for year-end.
        b. An approximate backlog of $322 million in purchase orders/
        obligating documents that were not entered into the accounting 
        system at year-end, often because of incomplete and erroneous 
        accounting information.
        c. Adjustments of $309 million and $101 million to correct for 
        improper expensing of equipment meeting TSA's capitalization 
        criteria.
        d. Untimely recording of accounts receivable for air carrier 
        and passenger security fees.
        e. Lack of a process to develop appropriate disclosure 
        information related to leasing arrangements when initially 
        drafting financial statements.
        f. An adjustment of approximately $45 million to correct the 
        expensing of a grant advance payment.
        TSA also did not have a process in place to monitor and 
        evaluate its accounting and internal control systems to meet 
        FMFIA reporting requirements.

5. Administration of screener contracts
        TSA did not have policies and procedures to provide an 
        effective span of control to monitor contractor costs and 
        performance. Contractors did not always provide evidence to 
        support rates or specific cost and pricing data, nor did they 
        always definitize their contracts, as required. These 
        deficiencies left TSA vulnerable to inflated labor rates and 
        other inappropriate charges.

United States Customs Service
1. Customs did not adequately monitor the effectiveness of its internal 
controls over the entry duties and taxes in 2002.
        After the events of September 11, 2001, Customs suspended its 
        Compliance Management program. This program evaluated Customs' 
        risk-based approach to trade compliance by assessing whether 
        revenue collections reasonably approximated those actually due. 
        Without the CM program, Customs lacked an important internal 
        control related to revenue collection during FY 2002.

2. Drawback controls need to be strengthened.
        Customs' Automated Commercial System (ACS) could not perform 
        certain processes that would have facilitated monitoring of the 
        drawback program. To monitor the program, Customs used a risk 
        management process to select claims for review. Although the 
        process was supposed to allow for statistical projection of the 
        results, personnel were allowed to reduce the random sample to 
        a baseline number, thus impeding the statistical projection of 
        results. Reconciliation procedures for related drawback claims 
        also were not sufficiently comprehensive.

3. Customs IT system logical access and software maintenance security 
controls need improvement.
        Deficiencies existed in the areas of network and host-based 
        system configuration, password management practices, logical 
        access controls, application programs, computer-related 
        facilities and equipment, and software patches. These 
        weaknesses put Customs at risk of unauthorized system access, 
        modification, disclosure, loss, or impairment.

4. Core financial systems need to be improved and integrated.
        Customs' core financial systems did not provide certain 
        financial information necessary for managing operations. Also, 
        they did not capture all transactions as they occurred during 
        the year, did not record all transactions properly, and were 
        not fully integrated. Additionally, the systems did not always 
        provide for essential controls with respect to override 
        capabilities.As a result, extensive manual procedures and 
        analyses were required to process certain routine transactions 
        and prepare year-end financial statements.

    Chairman Cox. Thank you. Our next witness is Linda M. 
Springer, Comptroller of the Office of Federal Financial 
Management at the Office of Management and Budget. Welcome.

  STATEMENT OF LINDA SPRINGER, COMPTROLLER, OFFICE OF FEDERAL 
     FINANCIAL MANAGEMENT, OFFICE OF MANAGEMENT AND BUDGET

    Ms. Springer. Thank you, Mr. Chairman. Appreciate the 
opportunity to appear before you and the Members today to 
testify on accounting and financial controls at the Department 
of Homeland Security.
    In the face of many challenges involved with its creation, 
the Department has demonstrated a very strong commitment to 
financial excellence and should be recognized for its efforts 
during this past year. Although the creation of the Department 
began just 7 months ago, it is off to a good start with regard 
to its financial management. The Department has shown 
commitment to preparing audited financial statements in the 
first year of its existence and to demonstrate accountability 
to both the Congress and to the American people.
    It could have waived, asked for a waiver of that 
requirement under the Accountability of Tax Dollars Act of 
2002, but the Department instead elected to not only prepare 
statements, but do them on the accelerated time frame to which 
we are holding other agencies accountable.
    This commitment, coupled with the preparation of quarterly 
financial statements, shows the Department's determination to 
be fiscally responsible from its inception.
    Many issues have been raised regarding the proper 
accounting treatment of the new Department's financial activity 
and its presentation in the financial statements that must be 
addressed. OMB has worked and continues to work with the 
Department of Homeland Security to resolve these issues in a 
timely manner.
    Undoubtedly there will be new issues that will surface, but 
we look forward to working with the Department to address them 
together, in the Department as well. Both the Office of the CFO 
and the Office of the Inspector General have partnered very 
effectively with OMB in that regard.
    The Department must also begin to address longstanding 
weaknesses inherited from its components, as you have heard 
earlier, such as weak financial accounting and reporting 
processes, inadequate information technology systems, 
ineffective real and personal property processes and other 
internal control issues.
    The Department has inventoried these weaknesses and is 
developing corrective action plans. And it will take time, 
obviously, to implement those, and some of those weaknesses are 
still in existence.
    With regard to performance and information for management 
purposes, it is necessary for financial managers at the 
Department to provide management, administration and the 
Congress with quality, timely information and analysis that 
better informs about its financial implications of program 
decisions as well as the impact of those decisions on agency 
performance goals and objectives.
    It is the responsibility of the Department's management to 
put a process in place that sets performance measures 
consistent with its strategies, as well as sets goals for 
achieving its missions and objectives.
    You may be familiar with OMB's PART process, that was put 
into place for the fiscal 2004 budget season, and the PART 
process attempts to marry up performance measurement with the 
budget process, and that applies to the Department of Homeland 
Security as it does for every other agency.
    For fiscal 2004, last year's budget process, eight programs 
at the Department of Homeland Security were PARTed. We have a 
verb to go with that process. And this year an additional nine 
programs will be added to the PART process from the Department.
    The PART process leads to recommendations that will enhance 
program performance and will also support GPRA implementation. 
The PART is a very comprehensive process, and an additional 20 
percent of programs in each agency are added each year to the 
purview of the PART program at OMB.
    We believe that this is an important complement to the work 
that the Department is doing, that the Chief Financial Officer 
described to you earlier.
    With respect to H.R. 2886, there are a few comments that We 
would offer with respect to the amended version. We are pleased 
that the amended version does not include the fiscal 2003 
requirement for reporting. Obviously, we commend DHS for its 
recognition of the value associated with going through an audit 
in its initial year.
    With respect to the internal control audit opinion, the 
amended bill contains a requirement for the Department to have 
that opinion level audit of internal controls, beginning with 
fiscal 2005. Additionally the amended bill would also require a 
study, jointly performed by the CFO Council, the President's 
Council on Integrity and Efficiency, which is the IG group, and 
analyzed by GAO.
    The administration acknowledges that obtaining an audit 
opinion on internal controls is potentially useful, yet it is a 
very significant undertaking. We believe that the insights of a 
study would be very beneficial across the board, inclusive of 
the Department of Homeland Security. So we believe that--while 
we applaud the amendments, we also believe it would be helpful 
to go further and let the Department benefit from the results 
of the study in the event that that is not done in time for the 
2005 fiscal year.
    It is important to note a recent event. You are aware that 
the SEC had promulgated rules regarding company executives 
assessing the adequacy of their internal controls. The Public 
Company Accounting Oversight Board just yesterday met and 
issued requirements for auditors, the actual audit guidance for 
assessing these internal controls. So there is clearly a lot of 
activity in the public--or in the private sector that sets a 
precedent that we will be considering as we review this 
requirement, potential requirement.
    With regard to the CFO Act piece of H.R. 2886, it is OMB's 
position that the substantive provisions of the CFO Act should 
and do apply to the Department of Homeland Security as they do 
for every other major department and agency of the government. 
The CFO Act specifies a very specific organizational structure 
that is inconsistent with the structure that Congress approved 
when it passed the Homeland Security Act of 2002.
    The administration believes that the current construct 
within the Department is, with a strong and competent leader in 
two position of Under Secretary for Management, supports not 
only the CFO office, but provides value in the overall 
comprehensive view of coordinating not only financial functions 
but procurement and IT functions. We think that that does add 
great value, that particular construct.
    In every other respect, though, the Department is very much 
in conformance with the Act from a financial accountability 
standpoint.
    In conclusion, Mr. Chairman, we believe that the Homeland 
Security Department in its short lifetime has demonstrated a 
very strong commitment to financial management practices of the 
highest order, and we have a strong interest, as you do, in 
preventing potential waste, fraud and abuse, and OMB will be 
very diligent in working with the Department.
    With that, I would close and be happy to take your 
questions.
    [The statement of Ms. Springer follows:]

         Prepared Statement of The Honorable Linda M. Springer

    Thank you, Mr. Chairman, for the opportunity to appear before you 
today to testify on accounting and financial controls system at the 
Department of Homeland Security (DHS).
    As you know, the enactment of the Homeland Security Act of 2002 
(P.L. 107-296) represents an historic moment of almost unprecedented 
action by the Federal Government to fundamentally transform how the 
nation will protect itself from terrorism. Rarely in our country's past 
has such a large and complex reorganization of government entities 
occurred with such a singular and urgent purpose.
    The government is undertaking a unique effort to transform a 
distinct group of agencies with multiple missions, values, and cultures 
into a strong and effective cabinet department. This unique opportunity 
comes with many challenges, including those related to the new 
department's stewardship obligation to use tax dollars appropriately 
and to ensure accountability to the President, the Congress, and the 
American people. However, with great challenge comes great opportunity-
both the opportunity to reengineer and develop seamless systems and 
processes that support day-to-day operations and the opportunity to 
provide analysis and insight about the financial implications of 
program decisions that will ultimately assist this Administration, the 
Congress, and other decision-makers in evaluating the value and cost of 
federal programs.

Overview of DHS Financial Management
    The creation of the Department of Homeland Security marks one of 
the largest and most complex mergers ever undertaken by the Federal 
Government. As with any merger, some of the new Department's efforts 
must focus on the most immediate challenges. Other efforts, however, by 
their nature will take several years to successfully develop and 
implement. For instance, cost control and asset management, coupled 
with the need to successfully blend individuals from departments and 
agencies with different cultures, values, and missions, are critical to 
its effectiveness and efficiency. In the face of the many challenges 
involved with its creation, DHS has demonstrated a strong commitment to 
financial excellence and should be recognized for its efforts during 
the past year. Although the creation of DHS began just seven months 
ago, it is off to a good start with regard to its financial management.
    DHS has shown commitment to preparing audited financial statements 
in its first year of existence to demonstrate accountability to the 
Congress and the American people, even though the Accountability of Tax 
Dollars Act of 2002 allows the Department to request a waiver from this 
requirement. This commitment, coupled with the preparation of quarterly 
financial statements, shows the Department's determination to be 
fiscally responsible from its inception, accounting for all transferred 
assets, liabilities, and operations. DHS' goal is to obtain an 
unqualified (clean) opinion for fiscal year 2003 and, if events permit, 
to issue its performance and accountability report on an accelerated 
timeframe.
    An early challenge DHS must overcome is to obtain a clean audit 
opinion on its financial statements, which will demonstrate tangible 
evidence of its efforts to create a premier financial management 
organization. Reaching that goal, however, will require a cooperative 
effort among the 22 entities that were transferred to the Department 
mid-year.
    Many issues have been raised regarding the proper accounting 
treatment of the new Department's financial activity and its 
presentation in the financial statements that must be addressed. OMB 
has worked, and continues to work, with DHS to resolve these issues in 
a timely manner. Undoubtedly, new issues will surface, but we look 
forward to working with DHS to address them together.
    DHS must also begin to address the longstanding weaknesses 
inherited from its components, such as weak financial accounting and 
reporting processes, inadequate information technology (IT) systems 
functionality and security controls, ineffective real and personal 
property processes, and insufficient internal controls over duties and 
taxes. The Department has inventoried these weaknesses and developed 
corrective action plans, although these weaknesses are not yet 
resolved.
    DHS has already taken steps to integrate the diverse financial and 
performance information systems. It has identified the financial 
management systems to which the smaller component agencies may migrate 
beginning October 1. However, this step is just the first of many in a 
long process to streamline the Department's systems. The Chief 
Financial Officer (CFO) must also identify the Department's IT assets 
and then, in conjunction with each program, determine what IT assets 
are needed to meet mission requirements. The CFO must work with the 
Chief Information Officer (CIO) to identify a financial management 
system or systems to meet user needs, whether it be commercial-off-the-
shelf, internally developed, or a hybrid of the two.

Establishing Sound Financial Management and Business Processes
    The push to create a citizen-centered, results-oriented government 
has been exacerbated by the demands on available resources. It is 
necessary for financial managers to provide its management, this 
Administration, the Congress and other decision-makers with quality, 
timely information and analysis that better informs about the financial 
implications of program decisions and the impact of those decisions on 
agency performance goals and objectives.
    It is the responsibility of DHS management to put a process in 
place that sets performance measures consistent with its strategies, as 
well as sets goals for achieving its missions and objectives. OMB's 
PART assessment supplements the Department's performance reviews in the 
context of the budget process. In addition, DHS management must hold 
the agency fully accountable in order to attain sound financial 
management. OMB, along with the Office of the Inspector General (OIG), 
has the role of overseeing this process. OMB looks forward to 
continuing to work with the Department to ensure that DHS works to 
achieve sound financial management practices.

OMB believes that DHS must focus its attention on four critical areas:
         Ensuring top leadership drives the transformation to a 
        single agency, single vision/goal
         Creating the financial organization that adds value 
        and supports the Department's mission
         Establishing seamless financial systems and businesses 
        processes
         Providing meaningful information to decision-makers by 
        routinely generating reliable cost and performance information 
        analysis

Ensuring Top Leadership. Leadership is critical to establishing sound 
financial management within the Department. The merger of 22 disparate 
entities into a single financial organization must begin with a clear 
vision of performance and expectations that is communicated throughout 
the organization at all levels. To be successful, DHS' top leadership 
must make attaining that vision a priority, and the message must be 
reinforced in both words and actions.

Creating the Financial Organization. A premier financial organization 
must recognize that it exists to provide quality, timely and relevant 
information about the financial implications of program decisions and 
the impact of those decisions on agency performance goals and 
objectives. To accomplish this purpose, leading financial organizations 
must serve their customers both internally and externally, aligning 
their mission and organizational structure to better support the 
entity's mission and objectives. DHS should take all necessary steps 
toward creating a financial team that supports the overall missions, 
goals, and objectives of the Department.

Seamless Financial Systems and Business Processes. Building a premier 
financial organization will also require DHS to establish seamless 
financial systems and business processes to enable it to successfully 
fulfill its mission and achieve its goals and objectives. At the 
earliest opportunity, DHS must determine the essential system and 
process infrastructure that it requires throughout the organization. 
This infrastructure must also be flexible enough to support information 
needs at the detailed program level.

Providing Meaningful Information. In seeking to create a premier 
financial organization, DHS must also pursue means that will permit it 
to routinely generate reliable cost and performance information 
analysis. Such analytics combined with other value-added activities 
will support the agency's mission and goals. This capability is a 
requirement for ``getting to green'' on the Improved Financial 
Performance initiative of the President's Management Agenda, and it 
gets to the heart of first-class financial management.
    The creation of DHS provides an opportunity to reengineer much of 
the management reporting formats produced by its components to meet the 
needs of its users. As DHS looks to develop a new strategic plan that 
will outline its goals and objectives, its financial organization 
should design reporting formats that are aligned to measure performance 
in executing its strategy.

H.R. 2886, "Department of Homeland Security Financial Accountability 
Act"
    OMB has high expectations of solid financial management practices 
for this new Department, especially in light of its unique role and 
function within the Federal Government. To that end, OMB appreciates 
your consideration of H.R. 2886, the ``Department of Homeland Security 
Financial Accountability Act,'' and we look forward to discussing 
several issues of this legislation with you.

Fiscal Year 2003 Financial Reporting and Audit. The original version of 
H.R. 2886 contained a provision that lifted the requirement of DHS to 
prepare and submit audited financial statements for any fiscal year 
before fiscal year 2004. However, much work has been done, and 
continues to be done, toward the completion of the fiscal year 2003 
financial statement process at DHS. Thus, OMB is pleased that the 
amended H.R. 2886 does not include this provision, and we commend DHS 
for its recognition of the value that is provided in this initial year 
by preparing and undergoing an audit of financial statements.

Internal Control Audit Opinion. The amended H.R. 2886 contains a 
requirement for DHS to ``include in each performance and accountability 
report an audit opinion of the Department's internal controls over its 
financial reporting,'' beginning with its fiscal year 2005 report. 
Additionally, the amended H.R. 2886 would also require that a study 
regarding the potential costs and benefits of requiring this audit 
opinion be jointly performed and submitted by the CFO Council (CFOC) 
and the President's Council on Integrity and Efficiency (PCIE), as well 
as analyzed by the Comptroller General of the General Accounting Office 
(GAO).
    The Administration acknowledges that obtaining an audit opinion on 
internal control is a potentially useful, yet very significant, 
undertaking. While we agree that an opinion level internal control 
audit could have merit, a review of this magnitude will require the 
allocation of additional resources and sufficient time to coordinate 
among agency Chief Financial Officers, Inspectors General, and 
independent public auditors. Additionally, this provision, if enacted, 
has the potential of imposing a more stringent requirement on DHS than 
other Federal departments and agencies.
    It is our understanding that this internal control audit opinion 
requirement is partly intended to hold Federal agencies to the same 
standards for financial accountability as the private sector. At the 
present time, however, no other sectors are required to obtain an audit 
opinion on internal control. While SEC registrants will be subjected in 
the future to such a requirement under Section 404 of the Sarbanes-
Oxley Act (enacted July 2002), the effective date has been delayed as a 
result of public comments. This deferral recognized several different 
concerns, which would also apply to federal agencies.
    OMB is pleased that the amended version of H.R. 2886 includes a 
provision requiring a cost benefit study. However, we are concerned 
that the internal control audit opinion requirement for DHS would take 
effect with the fiscal year 2005 report, despite any potential 
determinations by the joint CFOC/PCIE study and the subsequent GAO 
analysis that such a requirement is not beneficial. Thus, OMB supports 
delaying the requirement of an internal control audit opinion until 
after the results of the cost-benefit study can be carefully analyzed.
    Applying the CFO Act to DHS. It is OMB's position that the 
substantive provisions of the CFO Act should apply to the new 
Department of Homeland Security as they do every other major Department 
and agency of the Federal Government. However, the CFO Act specifies an 
organizational structure--direct reporting of the CFO to the agency 
head--that is inconsistent with the structure Congress endorsed when it 
passed the Homeland Security Act of 2002. The Homeland Security Act 
enacted the President's proposal to consolidate management 
responsibilities at the new Department under the Under Secretary for 
Management. The Administration believes that with a strong and 
competent leader in the position of Under Secretary for Management, 
sound management policies and practices receive maximum standing within 
the agency.
    I hope we can work together to apply the substantive provisions of 
the CFO Act to the new Department of Homeland Security, while remaining 
faithful to the President's original proposal to create the new 
Department, as well as the Homeland Security Act of 2002.

Conclusion
    OMB believes that DHS, in its short life, has demonstrated a 
commitment to sound financial management. Similar to the Committee, OMB 
has a strong interest in preventing potential waste, fraud, and abuse 
at DHS and at all federal agencies, and we look forward to working with 
the Department to ensure that its accounting and financial controls 
system are as effective and efficient as possible.
    Thank you, Mr. Chairman. I look forward to answering your 
questions.

    Chairman Cox. Thank you. Our finance witness is Michele 
Flournoy, who is a Senior Advisor at the Center for Strategic 
and International Studies, in the International Security 
Program. Welcome.

 STATEMENT OF MICHELE FLOURNOY, SENIOR ADVISER, INTERNATIONAL 
   SECURITY PROGRAM, CENTER FOR STRATEGIC AND INTERNATIONAL 
                            STUDIES

    Ms. Flournoy. Thank you, Mr. Chairman, Mr. Turner, and 
other members of the committee. Thank you for inviting me to 
testify this afternoon. I have been asked to address a slightly 
different issue, as an outsider, the issue of what a strategic 
planning system might look like for the Department of Homeland 
Security, based on my own experience in strategy and planning 
at the Pentagon.
    The Department of Homeland Security faces several 
challenges that really emphasize the need for and importance of 
strategic planning. Its mission is vital to the welfare of the 
Nation. It is facing very real day-to-day terrorist threats. It 
is trying to integrate this very diverse array of organizations 
with their own cultures and traditions and ways of doing 
business.
    It is responsible for spending billions of taxpayer 
dollars, and it is trying to balance the very near term with 
the long term. It needs a unifying vision, a strategy for 
achieving its objectives, and a clear set of priorities to 
guide resource allocation and risk management. It is difficult, 
if not impossible, to do these things absent an effective 
strategic planning process. So what should that planning 
process look like?
    I think there are five critical elements. The first and 
what I would call the foundation is a comprehensive and 
integrated assessment of homeland security threats and 
vulnerabilities. Such an assessment is absolutely critical to 
setting priorities, to making the hard choices about where to 
place emphasis and where to accept or manage risk, to 
reconciling competing interests and to allocating resources 
effectively.
    The second key element is the development and refinement of 
the President's homeland security strategy. This is a strategy 
that should define our national objectives in homeland 
security, as well as the strategies and capabilities and 
processes necessary to achieve those objectives. It should 
clarify an interagency division of labor. It should also 
clearly articulate priorities for resource allocation across 
the Nation's portfolio.
    Unfortunately, the current iteration of that strategy falls 
short of meeting these criteria. I believe it needs to be 
revised. I would urge you to consider tying this document to 
the budget and performance review cycle and calling on the 
administration to actually update and submit it to Congress on 
an annual basis as a foundation for not only the Department's 
planning, but for interagency planning and homeland security.
    The third key element of strategic planning is, as has been 
mentioned, a 5-year plan for the Department of Homeland 
Security, and I applaud DHS's efforts in embarking on this 
exercise. This is something that should provide the Department 
with a blueprint for developing its budget, identify and 
prioritize capability shortfalls that need to be addressed, 
specify short-term actions that deserve to be taken on a 
priority basis as well as highlight longer term investments 
that need to be made.
    It should be, in my view, an internal classified document 
that provides front-end authoritative guidance to the various 
components of the Department for their budget submissions. It 
should be a living document that is reviewed and revised on an 
annual basis, though it ideally could form the basis for multi-
year appropriations.
    The fourth key element is an annual program and budget 
review process. And, here again, I would applaud the formation 
of a PA&E office in the Department. This is critical to 
ensuring that the program and the budget of the Department 
actually reflects the Secretary's priorities and the 
President's priorities for homeland security. It is really the 
key process that ensures that the components are building their 
budgets according to the Secretary's guidance. It is a key 
element that allows the Secretary to enforce his vision, his 
priorities across the rest of the Department.
    It is also key to making hard choices, key trade-offs that 
need to be made early in the budget making progress as opposed 
to late when it is more difficult to deal with them.
    The final key component I would highlight for you is an 
annual execution or performance review. That is a retrospective 
look that looks at the Department's previous year of 
performance and tries to identify where resources were not 
spent according to plan, flag programs that are no longer a 
priority, highlight priorities that weren't foreseen before. 
This is a critical tool for the Secretary to identify key 
issues for the next program and budget cycle, and to enforce 
accountability within the Department.
    In addition to these elements, there are a lot of 
intangibles that will be critical to making this a success: 
Ownership by the Secretary of the process, making sure the 
process includes all relevant internal and external 
stakeholders, making sure that there is appropriate interaction 
across the interagency spectrum.
    I think this approach has a number of organizational 
implications for the new department, and I believe that these 
could be implemented with a relatively few number of personnel, 
but would give the Secretary disproportionately large leverage 
in making these organizational changes. The first is to 
establish a strategic planning office whose mission expressly 
is to define and prioritize objectives of the Department and to 
develop the 5-year plan. This, in my view, should also include 
a threat assessment unit that is charged with thinking like a 
terrorist, not dealing with the day-to-day threat assessment 
but the long term. How is this threat evolving? How do we stay 
ahead of it as we plan for the future?
    The second key element is a Program Analysis and Evaluation 
Office that is charged with undertaking homeland security 
mission area assessments and program assessments to identify 
priorities for resource allocation and to orchestrate the 
program and budget review process.
    The third is an office that is focused on program 
performance and execution, again an office that would look 
retrospectively at the previous year's execution and try to 
enforce a degree of accountability within the Department for 
upholding the Secretary's priorities.
    Finally, as you all consider changes, I would urge you to 
keep in mind the need for flexibility and adaptability. This is 
a department that is dealing with a dynamic threat that needs 
unprecedented flexibility to be able to respond to that threat 
in a timely manner.
    Overall, let me just sum up by saying that I think there is 
no other department of the Federal Government where a coherent 
and effective strategic planning process is more important.
    Thank you very much.
    [The statement of Ms. Flournoy follows:]

     Prepared Statement of Michele A. Flournoy Senior Advisor for 
 International Security Center for Strategic and International Studies

    Mr. Chairman, members of the Committee, thank you for inviting me 
to testify this afternoon before this distinguished body. I have been 
asked to address the issue of what a strategic planning system for the 
Department of Homeland Security might look like, based on my strategy 
and planning experience in the Pentagon.
    Although the Department of Defense and the Department of Homeland 
Security are different in many ways, they do share some common 
challenges - challenges that underscore the need for and importance of 
strategic planning in each case. Both are:
     charged with missions that are vital to the health and 
welfare of the nation--protecting the American people and our way of 
life is a mission in which we cannot fail;
     facing persistent and resourceful enemies;
     large, complex bureaucracies comprised of a number of 
diverse and (in some cases, previously independent) organizations with 
their own cultures, traditions, and ways of doing business;
     responsible for spending billions of taxpayer dollars as 
efficiently and effectively as possible;
     perennially in the position of having more program than 
budget; and .
     trying to balance near-term demands against long-term 
investments.
These challenges make it that much more important for each Department 
to have a unifying vision, a strategy for achieving its objectives, and 
a clear set of priorities to guide resource allocation and risk 
management. It is difficult, if not impossible, to create these absent 
an effective strategic planning process.
    Strategic planning is even more crucial for a brand new department 
that is bringing together diverse cultures and personnel systems, 
finding its place in the interagency process, and dealing with very 
real and immediate threats and operational responsibilities while still 
trying to get its telephone and computer systems to work. Without a 
clear strategic planning process, directed from the top, and a cadre of 
professionals for whom this is their only responsibility, the immediate 
will always crowd out the long-term planning that is so critical to the 
Department's ultimate success and to the nation's security.

Strategic Planning in the Department of Homeland Security: Elements of 
Success
In my view, strategic planning for homeland security must include five 
critical elements:
     A comprehensive, integrated assessment of homeland 
security threats and vulnerabilities: Such an assessment is critical to 
setting priorities, reconciling competing interests, and allocating 
resources effectively. If we try to protect equally against all 
possible threats, we will protect adequately against none. Although 
there has been significant discussion of threats and vulnerabilities, 
no one in government has yet conducted the kind of creative, integrated 
analysis that is necessary to determine which should be accorded the 
highest priority - and which should be accorded the least. Without a 
regular, disciplined, and comprehensive threat and vulnerability 
assessment process that considers both the probability of various types 
of attacks and the severity of their consequences, decision makers will 
have little analytic basis for making tough strategy choices about 
where to place emphasis, where to accept or manage a degree of risk, 
and how best to allocate resources to improve America's security.
     Development and refinement of the President's Homeland 
Security Strategy: This strategy should define our homeland security 
objectives as well as the strategies, capabilities and processes 
necessary to achieve those objectives. It should also define a clear 
division of labor among all of the actors at the federal level, clearly 
identifying which agencies have lead responsibility in which areas, and 
which should be prepared to provide support. In short, the strategy 
should point the way toward well-defined roles and responsibilities, 
coordination processes, and operational procedures for enhancing the 
accountability and performance of the U.S. government across the 
homeland security domain. Based on the integrated threat vulnerability 
assessment described above, the strategy should also clearly articulate 
priorities to guide resource allocation for homeland security across 
the nation's investment portfolio--creating a foundation for unifying 
the efforts of the federal government and establishing the conditions 
for effective cooperation and coordination with state and local 
governments and the private sector. Unfortunately, the administration's 
current Homeland Security Strategy falls short on a number of these 
counts and needs to be revised. In order to ensure that it remains a 
living and relevant document, the Homeland Security Strategy should be 
tied to the budget and performance review processes and reviewed, 
updated and submitted to Congress on an annual basis. The Department of 
Homeland Security should play a critical role in assisting the Office 
of Homeland Security in drafting this document for the President.
     Development of a Five-Year Plan for the Department of 
Homeland Security: Keying off the integrated threat-vulnerability 
assessment and the President's Homeland Security Strategy, the 
Secretary of Homeland Security should develop a five-year plan to guide 
the Department's activities and investments. Such a plan should clarify 
the Department's roles and responsibilities in supporting the Homeland 
Security Strategy, articulate the Department's objectives in its areas 
of responsibility, and develop strategies for achieving these 
objectives. It should provide the blueprint for developing the 
Department's budget, identifying and prioritizing capability shortfalls 
that need to be addressed, specifying short-term actions to be taken on 
a priority basis, and highlighting long-term investments to be made to 
enhance performance in critical areas. This plan should be a classified 
document issued by the Secretary to provide authoritative front-end 
planning and programming guidance to the Department's various 
components in developing their budget submissions. It should also be a 
living document that is reviewed and revised on an annual basis, though 
it could ideally form the basis for multi-year appropriations for the 
Department. The process of developing this plan should include all 
stakeholders within the Department, as well as close consultations with 
the White House Office of Homeland Security, relevant Congressional 
committees like this one, and key state, local and private sector 
partners. The development of such a strategy-based, integrated, multi-
year action plan will be critical to ensuring that the new Department - 
and the USG more broadly--gets the highest possible return on what is 
likely to be tens, if not hundreds, of billions of dollars invested in 
homeland security over the next several years.
     An Annual Program and Budget Review Process: In order to 
ensure that the Department's resources are being spent according to its 
priorities, the Secretary of Homeland Security should establish a 
rigorous program and budget review process whereby the activities and 
expenditures of the Department are reviewed annually in light of the 
Five-Year Plan's objectives and priorities. This review process would 
provide a mechanism for ensuring that the actions of various components 
accord with the Secretary's guidance, and would provide the Secretary 
with a critical mechanism for monitoring and enforcing implementation 
of his priorities and those of the President. It also would ensure that 
the most difficult and important resource decisions and trade-offs come 
to the Secretary's attention early rather than late in the budgeting 
process.
     An Annual Execution Review: The purpose of this review 
would be to examine how the Department's monies were actually spent in 
the previous year, particularly in the Secretary's highest priority 
areas in the Five-Year Plan, in order to identify areas in which 
resources were not allocated according to plan. This retrospective 
exercise is also an opportunity to identify gaps in previous planning, 
flag programs that are no longer a priority due to changing 
circumstances, and highlight new opportunities for investment that were 
not previously foreseen. This is a critical tool for the Secretary to 
identify issues and lessons learned for next program/budget cycle and 
to enforce accountability within the Department.
    In order to be effective, a strategic planning process for the 
Department of Homeland Security would require several additional 
elements. First, it must be ``owned'' by the Secretary. That is, he 
must be engaged personally in leading the process and must communicate 
to the Department that this is the process he will use to set his 
priorities and make critical resource allocation decisions. Second, the 
process must include all internal stakeholders. Any office responsible 
for implementing an element of the Secretary's Five-Year Plan should be 
consulted during its formulation. Third, the process must be resource 
constrained. A strategic planning process that does not take resources 
into account will fail to help decision makers to make tough choices 
about where to place emphasis and where to accept or manage risk. In 
order to be useful and relevant, the strategic planning process must 
consider the fiscal guidance as a critical input. Fourth, outside 
stakeholders, ranging from key committees and members of Congress to 
key partners in state and local government, should be engaged in 
regular and substantive consultations as the strategic planning process 
unfolds. Although parts of the Department's Five-Year Plan may need to 
be classified, the process should not be conducted in secret. DHS will 
need to create unclassified fora and documents to enable public 
scrutiny and debate. Your views, as the committee of jurisdiction, 
should provide critical input to the Secretary as he devises and 
revises his Five-Year Plan. Finally, the Department's strategic 
planning effort should obviously take into account broader interagency 
efforts to enhance homeland security in order to create greater unity 
of effort across the U.S. government. Ideally, the White House should 
conduct an annual review of all homeland security programs across the 
federal government.

Organizational Implications
    Putting such a strategic planning process in place would require 
empowering the Secretary of Homeland Security's office by creating a 
cadre of 50-75 professionals dedicated to and trained for this 
function. This small investment of resources would significantly 
leverage the Secretary's ability to fulfill his mandate.
    First, the Secretary's office should include a strategic planning 
office whose mission would be to define and prioritize objectives for 
the Department and develop the Secretary's Five-Year Plan to meet those 
objectives. This office would also interact with the White House in the 
development of the President's Homeland Security Strategy. This office 
should include a small threat assessment unit specifically charged with 
"thinking like a terrorist" and researching likely ways in which the 
security of the United States could be breached in the future. In 
contrast to the near-term, operational focus of the more substantial 
information analysis directorate, this small analytical staff would 
focus on the mid- to longer- term, and would undertake disciplined 
reviews of evolving terrorist objectives, doctrine, and techniques in 
an effort to inform the development of longer-term strategy and 
investment priorities for the Department. This office should draw 
widely on the intelligence and research communities in both the United 
States and other countries.
    Second, the Secretary's office should include a program analysis 
and evaluation office charged with undertaking assessments of homeland 
security mission areas and programs to identify priorities for resource 
allocation as well as orchestrating the Department's annual program and 
budget review process. This office could also participate in the annual 
cross-cutting interagency review of homeland security programs proposed 
above.
    Third, the Secretary's office should include an office responsible 
for reviewing program performance or execution within the Department, 
as described above. Putting this office under the Chief Financial 
Officer, who controls the dollars, would likely enhance its 
effectiveness in being able to hold other parts of the Department 
accountable and enforce implementation of the Secretary's guidance.
    Finally, the administration and Congress should strive to make the 
new Department as flexible and adaptive as possible. Given the dynamic 
nature of threats, the homeland security mission will require an 
ongoing reevaluation of strategy and possibly some rapid changes in 
programs and resource allocation to respond to new threats that emerge. 
That is why it is important to make the new Department more adaptive, 
flexible, and able to work across organizations than those of the past. 
More specifically, it is imperative that the new Secretary of Homeland 
Security be given the authorities to reprogram substantial monies in 
response to new threats, facilitate more rapid acquisition of high 
priority goods and services, and reform and reorganize offices within 
the Department with appropriate notice to Congress. This will obviously 
require an unusually close working relationship with this committee.

Conclusion
    Given the importance of its mission, the size of its budget, and 
the enormity of the challenges it faces, the Department of Homeland 
Security is in dire need of an effective strategic planning 
process.Based on lessons learned in the Department of Defense, the 
relatively minor process and organizational changes recommended here 
could have a substantial impact on the new Department's effectiveness. 
Absent such reforms, the Department is unlikely to be able to fulfill 
its mandate of making meaningful improvements in our homeland security. 
Concrete steps should be taken on an urgent basis to empower the 
Secretary of Homeland Security to establish an effective strategic 
planning process in the new Department.

Strategic Planning in the Department of Homeland Security

Strategic planning for homeland security must include five critical 
elements:
     A comprehensive assessment of homeland security threats 
and vulnerabilities
     Development and refinement of a Homeland Security Strategy
     Development of a Five-Year Plan for the Department of 
Homeland Security
     An Annual Program and Budget Review Process within DHS
     An Annual Execution Review within DHS

In order to be effective, the strategic planning process must also:
     Be ``owned'' by the Secretary
     Include all internal stakeholders
     Be resource constrained
     Engage outside stakeholders, such as key members of 
Congress, in regular and substantive consultations
     Take into account broader interagency efforts to enhance 
homeland security.
    Putting such a strategic planning process in place requires 
empowering the Secretary of Homeland Security's office. These changes 
would likely require identifying and training 50-75 people to fulfill 
these functions--a small investment of resources that would 
significantly leverage the Secretary's ability to fulfill his mandate.
     Establishing a strategic planning office to define and 
prioritize objectives for the Department and develop the Secretary's 
Five-Year Plan to meet those objectives. This office would also 
represent the Department in the drafting of the President's Homeland 
Security Strategy. It should include a small threat assessment unit 
specifically charged with ''thinking like a terrorist'' and researching 
likely ways in which U.S. security could be breached in the future.
     Creating a program analysis and evaluation office. This 
office would undertake its own assessments of mission areas and 
individual programs as well as orchestrating the Department's annual 
program and budget review.
     Tasking part of the CFO's office with reviewing program 
execution within the Department on an annual basis to ensure 
implementation of the Secretary's guidance.
     Giving the Secretary authorities to make the new 
Department as adaptive and flexible as possible in the face of changing 
threats and opportunities.

    Chairman Cox. All of the members except the chairman and 
the ranking member will be recognized for 8 minutes, who will 
be recognized for 5 minutes of questions.
    Does any Member on our side wish to proceed? Mr. Gibbons.
    Mr. Gibbons. I will yield to Mr. Linder.
    Mr. Linder. I just have one question for Ms. Flournoy. You 
said something that got my attention, that we should have some 
group of people in this Department trying to think like 
terrorists.
    If you were thinking like a terrorist, would you be 
thinking suicide bombings at large events?
    Ms. Flournoy. I don't think like a terrorist every day. I 
do think that is something we need to assess. But I am not in a 
position to give you a credible assessment of likelihood and 
severity of consequences and so forth.
    My point in raising it is I know the Department has a 
directorate that is responsible for information analysis. But 
they rightly have a very near-term day-to-day focus and 
responsibility. I think you need a separate group of people who 
are focused on the long term and who can inform the strategic 
thinking of the Department while looking at the long term, and 
they should be separate from the other directorate and part of 
the strategic planning organization.
    Mr. Linder. Thank you.
    Chairman Cox. Mr. Gibbons.
    Mr. Gibbons. Thank you, Mr. Chairman. I had a couple of 
questions for Dr. Carnes and perhaps Mr. Berman. The view that 
we have consolidated 20 plus organizations into one with 
disparate financial and accounting methods is not uncommon, 
either in government or in the private sector, especially in 
the day and age of massive corporate mergers.
    Has there been any consultation sought from the private 
sector with regard to how individuals or entities within this 
new agency are coping with or dealing with the experiences of 
mergers of financial accountability?
    Mr. Carnes. Yes, sir. A couple of points, if I could. First 
off, before I came into the administration, I spent 8 years in 
Defense in the finance and accounting arena, and I was the 
Deputy Director of DFAS. When I went to DFAS, we had 328 
finance and accounting systems in DOD. When I left we were down 
to 30 systems. We consolidated systems and we consolidated 
operations.
    So I am blessed, I guess you could say, with having had a 
fair amount of experience in that area myself. I have brought 
some people in who I knew at DOD who have also been involved in 
that, and they are applying their skills and knowledge to the 
problems that we have in consolidation and integration at 
Homeland Security.
    In addition, we have consulted with private sector 
companies. I will just give you an example. The Hewlett-
Packard-Compaq merger, for instance, is one that we recently 
met with. And they came in and met with the Secretary, and they 
have briefed the senior leadership on how integration of 
disparate systems and business processes worked in their case.
    I have also visited a number of companies who have engaged 
in this process, too. So, yes, we do have some familiarity with 
that.
    Mr. Gibbons. Let me say that in my experience in life 
change is not inevitable, but the most difficult thing about 
change is not accepting the new, but letting go of the old way 
that you have done things. When you change from 22 separate 
accounting systems to 10, primarily through terminating 
memorandums of understanding with legacy agencies that are out 
there, as you report in your testimony, what has been your 
experience? What comments, what push-back have you received 
from those individuals who are reluctant to accept changes to 
their accounting?
    Are you able to convince them, cajole them, persuade them 
in some way to change the accounting methods, even though they 
are used to the old way that they have done things in the past?
    Mr. Carnes. Yes, sir, if you will allow this little 
anecdote. When I was in DOD, my early years there, we used to 
try to persuade the military services to change their 
accounting and finance systems and practices by saying they 
would be CFO compliant. And I would say to my masters that you 
show me a CINC who cares about CFO compliance and I will show 
you a CINC who doesn't deserve his job. His job is to fight 
war. Our job is to do that as well.
    And what we are doing is, we are selling our initiative, 
because we are going to provide to our operators at the pointy 
end of the spear the information they need to know and business 
processes that tell them where they are.
    So they are going to get something themselves that is 
useful here, and they are looking at it. They are involved in 
the requirements definition process.
    Mr. Gibbons. So this is an incentive basis which you have 
encouraged them to adopt to the new consolidated procedures of 
accounting?
    Mr. Carnes. Yes, sir.
    Mr. Gibbons. Mr. Berman, of the 80 reports that are out 
there, financial reports I would imagine, financial management 
reports, there is an absolute need for consolidation throughout 
this process. What are you doing to assure Congress that we are 
getting the right information as reported to us in this process 
while you look at the consolidation of these various financial 
management systems so that we have the confidence to know that 
what is needed for our oversight is actually what is being 
reported to us?
    Mr. Berman. Yes, sir. One thing that we have done, similar 
to what Dr. Carnes was describing, we have in fact adopted a 
model for the financial statement audit that is used by large, 
complex corporations.
    In order not to miss major issues inherent in the 
individual components, we actually have six separate teams, 
each headed by a partner of our CPA firm, that are looking at 
the underlying systems, controls and accounting processes at 
those separate components, and then merging all of that 
information into one consolidated opinion.
    This, we believe, will flesh out all of the weaknesses that 
need to be fixed, including the 18 we have inherited, and 
possibly some additional ones, so that appropriate attention 
can be placed on those issues.
    I would point out also that for the kind of incentives 
discussed by Dr. Carnes, we are still talking about the future. 
The individual components are still largely run using their own 
systems, which again has largely complicated the audit, and 
presented some major challenges.
    But in the end, I think we will have a comprehensive road 
map of those issues that need to be addressed.
    Mr. Gibbons. Let me ask a question with regard to the grant 
system, because out there is an enormous amount of financial 
aid, financial grants that are being submitted to States at 
their request. How are we matching up all of the information we 
are getting back to see whether or not those grants are 
effective? Are we achieving what we intend to achieve; in other 
words, a greater measure of security for this country through 
those grants?
    How are you looking at the follow up of those grants?
    Mr. Berman. We inherited a sizable sum from--in terms of 
grant programs--from FEMA. And, again, there was--there is 
quite a history there. We also inherited the entire staff of 
the IG at FEMA. So, we basically inherited quite a body of 
knowledge on how those programs are run.
    One of the common findings there is the fact that greater 
attention needed to be placed on overseeing the work of the 
States. Typically, those grants were made to the States, and 
the States in turn subgranted to local governments, and that is 
where a lot of the breakdowns occurred.
    We are beginning to focus a lot of our attention on the 
actual accomplishments of those grants and working with FEMA 
and the States to perhaps address some of these systemic 
problems up front.
    One of the areas where we did not inherit a lot of staff is 
from the Department of Justice. So, one of the first things we 
did was initiate some work looking at the Office of Justice 
Programs' mechanisms for awarding and controlling their grants. 
We are looking into why it has taken so long for ODP to issue 
grants and for the States and localities to spend the money 
that they received in 2002.
    So, we have a sizable amount of work underway that will 
help us identify and fix substantive problems in that whole 
process.
    Mr. Gibbons. Thank you, Mr. Chairman. My time has expired.
    Chairman Cox. Well, it is good of you to say that for a 
change. The chairman usually has to point that out.
    Mr. Pascrell is next on this side.
    Mr. Pascrell. Thank you, Mr. Chairman. Mr. Chairman, before 
I get to the questions just an observation, particularly in 
view of what we are discussing today. All of us up here are, as 
you are, concerned about developing a Homeland Security 
Department that is effective as well as being efficient.
    But in our hesitancy, excuse me, in our rush to communicate 
to the American people that we are actually doing something to 
defend our neighborhoods, I think we should send up a very 
strong cautionary note about spending.
    Because, somehow and in some way, we will jointly defend 
the Nation at home. But we can't overreact. And I think that is 
a pretty strong word and I want to use that word. We cannot 
overreact and simply spend money on what we think we need.
    And that leads me to my first question. I was going to ask 
it to Mr. Carnes, but I would rather ask it first to Ms. 
Flournoy, and here is the question. Would a comprehensive 
threat and vulnerability assessment aid the Department's 
program and budget review process?
    Ms. Flournoy. I believe, sir, that it would not only aid 
it, but it is difficult to do an effective strategy development 
and program review process without it. You know, in the DOD 
context we always started with a threat assessment. You have to 
start with an assessment of the environment in which you are 
working and, make judgments about where you are going to place 
emphasis, where are you going to accept or manage risk. That is 
the basis for making choices and strategies, setting 
priorities, deciding on programs and so forth.
    So I think it is exceedingly difficult to undertake that 
whole strategic planning process without that as a starting 
point.
    Mr. Pascrell. That is the way it is supposed to work?
    Ms. Flournoy. That is the way it is supposed to work, and 
in other departments it does work.
    Mr. Pascrell. We have not included that, though, in this 
legislation, unless I have missed something, Dr. Carnes.
    Mr. Carnes. It is not in the legislation, sir, but we begin 
with a threat assessment.
    Mr. Pascrell. What do you mean we begin?
    Mr. Carnes. When we begin at the Homeland Security 
Department to do our program and planning, we draw a picture, a 
threat picture, if you will, with the best information we have 
available at the time, to develop that threat assessment so we 
can guide the development of our programs.
    Mr. Pascrell. Has that been shared with the Government 
Reform Committee or this committee?
    Mr. Carnes. Sir, Mr. Cox referred to--Mr. Turner referred 
to Mr. Liscouski's testimony. I am not familiar with that 
testimony. So I don't know what they have provided to the 
committee. But I can find out for you and get back to you.
    Mr. Pascrell. But I think we would all agree then that in 
order-before we should spend money--before we have to spend 
money--there should be this assessment, and it should be very 
clearly defined so that we are going in a specific direction 
and we are not spending money before we think or plan. We all 
agree on that?
    Mr. Carnes. As a general matter, I agree with you.
    Ms. Flournoy. Absolutely.
    Mr. Pascrell. Should this be included in this legislation, 
do you think?
    Mr. Carnes. No, I don't think so because I think that the 
habits that you are talking about are basic institutional 
behaviors that DHS is adopting and following. If I might add 
one point, Ms. Flournoy's comments on what the five key 
elements are of developing this plan, I could not agree more 
with her. These are five key elements. We support them and we 
are doing them.
    Mr. Pascrell. Do we have that, Chairman Cox? The 
assessment, upon which we are going to base the budget, look at 
the budget, review the budget, have oversight over this budget?
    Mr. Carnes. I was going to say, Mr. Chairman, if I might--
pardon me for interrupting--we will publish in the very near 
future our strategic plan which derives from our assessment of 
the threat at the time, and that will guide the development of 
our programming guidance and our budgeting guidance and then 
our program and budget as it is proposed to the Congress.
    Mr. Pascrell. You know the situation we are in with regard 
to the budget process. We are heading for the perfect storm and 
we are looking at, all of us, both sides of the aisle, at what 
is being spent, and I think we are trying to do that in a 
respectful and responsible way.
    Just a few weeks ago, the Comptroller General of the United 
States said in a very, what I think is--we all should read the 
speech he gave before the National Press Club--the Federal 
Government's current financial statements and annual reports do 
not give policymakers-I guess that is us-and the American 
people an adequate picture of our government's overall 
performance and true financial condition.
    Would you agree with that, Dr. Carnes?
    Mr. Carnes. Yes.
    Mr. Pascrell. Would you agree with that, Mr. Berman?
    Mr. Berman. I would.
    Mr. Pascrell. And would you agree with that, Ms. Springer?
    Ms. Springer. I would within the context that he was 
describing it.
    Mr. Pascrell. What about Ms. Flournoy?
    Ms. Flournoy. I would from a lay person's perspective.
    Mr. Pascrell. This is a pretty serious issue. The recent 
accountability failures in the private sector served to 
reinforce the importance of proper accounting and proper 
reporting practices and I'm very concerned about those 
practices so that we do not duplicate the error within the 
private sector, particularly in a new department where we are 
trying to organize it and we are not clear yet as to what 
direction it is going in and we are not even clear as to who 
has oversight over that department.
    I mean the fact that something like this has to go to two 
committees, that it has to go to the Committee on Government 
Reform and then it has to go to the Homeland Security 
Committee--and God knows maybe it won't have to go next year 
because maybe we won't be here--says to me the significance of 
this committee, which I think is always a question. But one 
wonders whether we really want to get to the objective, and 
that is to have a true assessment before we spend the people's 
money.
    Chairman Cox. Will the gentleman yield? Obviously Dr. 
Carnes is not going to comment on our House committee 
organization but I would point out to the gentleman that the 
CFO Act has been within the jurisdiction of the Government 
Reform Committee, which was previously the Government 
Operations Committee, since its inception, since we originally 
wrote the legislation. I was very actively involved in that as 
a member of the committee. And the CFO Act applies to everybody 
single Cabinet department in the Federal Government. As a 
result, that committee, the Committee on Government Reform has 
jurisdiction over its reach to the extent that it applies to 
all of these different departments and there are always at 
least two committees, as a result, that will have jurisdiction 
over this. And it is completely normal that that is the case.
    Mr. Pascrell. Well, Mr. Chairman, if I may.
    Chairman Cox. As the authorizing committee, we would 
maintain our jurisdiction over the Homeland Security Act.
    Mr. Pascrell. Chairman, this is the debate we have all the 
time, and we know who the authorizing committees are. And the 
problem is that the members--the chairmen and ranking members 
of all those authorizing committees are on our committee and 
the question is jurisdiction and I think it is a very valid 
question as to whether we want to move forward or whether we 
want to get stuck in the bureaucracy. We need answers and we 
need action. That is why I asked the question. That is why I 
brought emphasis to the point.
    Thank you.
    Chairman Cox. The gentleman makes a very good point, and I 
think as you know our Rules Subcommittee is working diligently 
on this. My own view, and I think the view of most of the 
members of this committee, is that it is vitally important that 
there be one authorizer for this department if we are going to 
have success, if we are as a Congress going to participate in 
an effort that is going to be successful.
    Mr. Sweeney is recognized for 8 minutes.
    Mr. Sweeney. Thank you, Mr. Chairman. I am probably not 
going to take the full 8 minutes. I have some simple questions 
and really a statement, and it is consistent with some of the 
questions that have been asked. Certainly, I think it is 
consistent with what Mr. Pascrell was just talking about, but 
it is a perspective that I don't think has been stated by too 
many Members of Congress.
    All of you have given testimony that--and all of you have 
endorsed the notion of establishing a process of developing 
better strategic planning or some strategic planning in this 
instance. But haven't we in Congress set you up for a fall? And 
that is from my point of view we have established a system of 
formulization throughout ODP grants and the grant process that 
is fundamentally so flawed you cannot do strategic planning 
because you are locked into some arbitrary formulizations that 
from where I come from do not make a lot of sense. They are 
counterintuitive or counterproductive to the idea that we 
establish a stream of funding that is threat-based. We sort of 
treated it like Congress kind of treats everything, and that 
is, ``I have got to make sure I bring something home.''
    And so this committee I think is going to, in a broad bill, 
address some of the formulization issues. I have a bill of my 
own that bases the ODP portion--and I hope it serves as a 
precedent--on threat, vulnerability and consequences and, 
therefore, I think directs from Congress to the agency itself 
the kind of focus that you need to be able to create the 
strategic planning and the management style that you need.
    I would like to hear from Mr. Carnes and Mr. Berman on 
this. And then I want to talk about the back end of it because 
I think what we need to do is give you the tools to be able to 
focus the dollars where they need to go and then we need to be 
assured--I agree, Ms. Flournoy, that there needs to be 
flexibility here, but we need to have the confidence that 
within that flexibility we are going to be able to quantify the 
results.
    Dr. Carnes, please tell me how much an impediment is the 
current formulization process?
    Mr. Carnes. The Secretary in the fiscal year 2004 
appropriations process talked about this issue at great length 
in a variety of different forums, and I will just say that we 
are very pleased in the way the appropriation came out with the 
flexibilities that we can get in the ODP grants because those 
flexibilities do provide some discretion to respond to where we 
see an increased threat and vulnerability and risk.
    Mr. Sweeney. If I could interrupt, if there is a 
requirement that you send 40 percent based on some per capita 
notion, seemingly grabbed out of the sky in our rush to make 
sure we get something established, which is understandable, how 
effective can you be at getting dollars to where real risk 
exists and how flexible can you be to adjust that? I don't see 
how it works.
    Mr. Carnes. I guess I would answer it this way. Obviously, 
in a world--in one kind of world you would have complete 
flexibility to deploy your assets as you deem appropriate. 
There are, however, other concerns that those involved in this 
process have and bring to bear, and that is what gets enacted.
    Mr. Sweeney. We cannot get it passed--I understand, we 
can't pass it unless someone feels like they are bringing 
something together. Is it an impediment? Rate it: High, medium, 
low.
    Mr. Carnes. I think I am going to leave that to the 
Secretary. Thank you, Mr. Sweeney.
    Mr. Sweeney. Well, Dr. Carnes, how are not going to answer 
that if you are the person in the position best able to offer 
us that advice? I am trying to help you here.
    Mr. Carnes. I am going to say at least medium.
    Mr. Sweeney. Mr. Berman?
    Mr. Berman. First of all, I would agree with Dr. Carnes' 
characterization as medium. Our office certainly endorses and 
would endorse any move to apply some sort of threat analysis 
before distributing those funds.
    One of the things we found in our recent assessments, 
interestingly enough, is that one of the reasons why it has 
taken some States and localities so long to spend the money 
they received in 2002 is that they are really trying to do it 
right. They have slowed down the process, in some cases, in 
order to try to make the equipment being purchased at the local 
level interoperable and to ensure that local plans are somehow 
integrated with State plans. This is not necessarily across the 
board, but we have seen a lot of that discipline at the State 
level already, and we are encouraged to see that.
    But again, I think in the final analysis there deserves to 
be a heavy emphasis on risk assessment.
    Mr. Sweeney. Right. The other two witnesses want to comment 
at all? Okay. Let me ask this question as a follow-up.
    I believe we have to restructure the methodology to get the 
funds out. But then we need to have the confidence that once 
that happens, we have tangible and appropriate measurements. So 
what are the metrics that would be needed to be developed in an 
audit process and how confident should we be that this mega 
agency now would be able to develop it so it could be 
implemented agency-wide?
    DOD--Ms. Flournoy, I agree with everything that you said, 
except DOD has had problems with its own audit processes. So 
maybe we could have that discussion about the audit metrics.
    Mr. Berman. I think the basic thrust of the IG's work is to 
assure that funds are invested wisely and that those 
investments produce measurable improvements in security.
    Which is where risk-based assessment comes in. First, there 
needs to be an agreement as to what is it exactly we are trying 
to accomplish with those grants? What are we trying to protect? 
What is the baseline today and how much do we expect that 
baseline to improve based on the investments we make?
    Mr. Sweeney. Dr. Carnes, have your offices begun that kind 
of focused attention and developed that kind of product?
    Mr. Carnes. Yes. Yes, we have. I have got right here, this 
is a draft list of performance metrics that we are going to--we 
are running through a clearance process in the Department right 
now that will accompany the budget when it comes up. This will 
be the grade card. When we do our budget review, the thing we 
want to know is what is the thing you are buying, why are you 
buying it, and what are we getting for it?
    Now, those are--your question was a great question because 
those are rock bottom, the very toughest issues to decide. I am 
not so much interested in process as I am in product. I want to 
know what the thing is. But the real trick is to figure out 
does it make a difference? That is a very tough one to assess. 
Is that the thing that prevents terrorism? How do you know? 
That requires good intel. You have to know where to aim.
    Mr. Sweeney. As I see my time has run out, let me give you 
a little bit of advice. The more interactive you are with this 
committee in particular, but with Congress in general on the 
establishment of those metrics, the more successful you are 
going to be. And believe me, we all want you to be very 
successful. Thank you.
    My time has expired, Mr. Chairman.
    Chairman Cox. Dr. Christensen is recognized.
    Mrs. Christensen. Thank you. Mr. Chairman, I do not have 
any questions at this time.
    Chairman Cox. Mr. Langevin is recognized.
    Mr. Langevin. Thank you, Mr. Chairman. If I could just 
follow up on a question Mr. Pascrell touched on and the 
previous question also for Mr. Carnes. In your testimony, you 
said that DHS has initiated a 5-year budget and planning 
program, and I am certainly pleased to hear that. But I am 
curious to know a little bit more about how this plan is being 
developed, whose input you are seeking in setting it up. 
Specifically, I want to know if the Information Analysis and 
Infrastructure Protection Directorate has had any role in this 
planning process and what information you are basing that plan 
on, given the fact that DHS has really yet to develop a 
comprehensive threat and vulnerability assessment, because it 
seems to me that this is obviously a critical precursor to a 
significant long-term budget decision. Likewise, how is your 
programming and budgeting system being developed in the absence 
of an overarching set of goals and priorities based on threats 
and vulnerabilities? I certainly appreciate the fact that you 
are seeking to follow DOD's successful program, but as you 
know, DOD already has in place comprehensive multi-year 
strategic plans, the QDR, Quadrennial Defense Review Plan and 
others that are continually updated and used throughout the 
Department as a reliable statement of priorities. So if you 
could elaborate on that, I would appreciate it.
    Mr. Carnes. Thank you for that question. It is a big 
question. We were going to do, when we went over to Homeland 
Security, a 5-year program and planning exercise whether it was 
required by law or not and we were pleased to see that it was 
required by law and that it referenced the DOD model in statute 
as the one that we should follow.
    The first year, in developing our fiscal year 2005 budget 
proposals, obviously we started in the spring and had to do 
lots of things simultaneously that normally we would do 
sequentially. We took our guidance from the President's 
National Strategy for Homeland Security. The Secretary issued 
guidance based on the President's strategy and his refinements 
of that strategy and issued guidance to the components to 
develop budget proposals in response to that. In the meantime--
to that guidance. In the meantime, we began the development of 
our strategy and our POM process to lead to the 5-year program. 
So all of these are going simultaneously, as I say. Beginning 
with the next one we do, these will all be sequential and one 
will flow to the next and one drives the next.
    But we do not, absent--we do not have information on which 
to build a program. What we are talking about now is the 
refinement and a fine-tuning, a calibration of the strategic 
plan and of the program guidance to implement that strategic 
plan. But the principles that guided our program and budget for 
2005 and the 2004 budget that was just passed were pretty clear 
principles and laid out very directly and succinctly, and those 
are what guided our program and what are guiding our program 
now.
    As to a threat picture, yes, we do have to have a threat 
picture. Is IAIP at the state that it wants to be? I don't 
think that it is. It is still evolving but that does not mean 
it is not doing anything. It is doing quite a lot of intel 
work. Quite a lot of threat assessment. And it is lashed up in 
the TTIC with FBI and CIA. And the Intelligence Community, 
working together, is providing this threat picture. That is 
what shapes our programmatic response.
    Mr. Langevin. So how are IAIP and others--.
    Mr. Carnes. We are doing what we call an environmental scan 
before we issue what the programming guidance would be, and the 
IAIP is the source of that information. They are the ones who 
inform the process with a threat picture.
    Mr. Langevin. And then they and others are communicating 
that and that is the way you are going to form a comprehensive 
5-year plan?
    Mr. Carnes. Every major component in the Department is a 
major player in the development of a 5-year plan. When we have 
a threat picture and when we refine the threat picture, then 
programmatically we develop guidance that the Secretary sends 
out to respond to that threat, to address that threat. The 
programs then develop their program proposals which come in and 
get reviewed by the senior officers of the Department. That 
leads to budget guidance. That goes to a budget review board of 
all senior officers of the Department trading off this against 
that and then in responding coherently to the whole thing, to 
the whole threat.
    So we try to make our decisions corporately as a 
corporation of senior leaders in the Department, but wearing 
two hats if you will. They are also proponents for their own 
particular organizations, but they are asked to make corporate 
decisions. The guidance comes from on top, the response comes 
from below. It filters up to the top and then the programmatic 
response is adjusted to fit that threat.
    Mr. Langevin. Now, have you brought in consultants that 
help the DOD prepare its QDR to help you in this planning 
process as well? Not consultants, but people from DOD?
    Mr. Carnes. Oh, yes, this guy right here I stole from 
Energy and previously they stole him from DOD. He is Dick 
Williams, the head of PA&E for me, and he has a long experience 
in program analysis and evaluation and he is doing a first rate 
job. And he has brought on his staff people from DOD and we 
have people throughout the organization with a DOD background.
    Mr. Langevin. I hope to follow up on this further.
    If I still have time, Mr. Berman, I appreciate your 
comments about the need for a grants management program and I 
certainly agree wholeheartedly. I was, though, very surprised 
to find recently that there is not even a simple database in 
place to track the money that flows to each State from DHS. My 
staff recently called the Department to find out more 
information just, for example, about a DHS grant being 
announced in Rhode Island which we had not received any notice 
of. And there was apparently no easy way for DHS to look up the 
list of grants that Rhode Island had received. Instead we had 
to speak to at least three different legislative liaisons in 
separate offices before we could even take an educated guess as 
to where the money was coming from.
    Let me say for the record that the staff there was very 
helpful, but I just found it amazing that no comprehensive 
database exists in order to help them access such basic 
information.
    So my question is would you comment on that and would your 
grants management program offer solutions to this problem?
    Mr. Berman. Absolutely. We have the same frustrations with 
the lack of such a system and we rely heavily on our--at least 
three of our regional offices to track the grants going into 
those areas. But certainly such a system would be at the heart 
of any system that would allow DHS to manage the flow of those 
grants and the status of those grants.
    We are somewhat hopeful with some of the developments at 
ODP--or what was ODP--in developing Internet-based systems to 
make it at least easier for applicants to request grants and 
then subsequently to track those. But we are still a long way 
away from the system that you are describing.
    Mr. Langevin. My time has expired. Thank you.
    Chairman Cox. I thank the gentleman. The chairman 
recognizes himself for purposes of questions.
    Dr. Carnes, my understanding is that the Department expects 
to have auditable fiscal year 2003 financial statements by 
November 15th?
    Mr. Carnes. Yes, sir.
    Chairman Cox. And you are on track to have an audit 
completed in January; is that right?
    Mr. Berman. That is correct, sir.
    Chairman Cox. January 31st?
    Mr. Berman. That is correct.
    Chairman Cox. Do you expect, Dr. Carnes, that that will be 
accompanied with a clean opinion?
    Mr. Carnes. Yes, I expect that it will. There are a couple 
of hurdles we have got to get over and I think we are going to 
get over them, but I think we will get a clean opinion.
    Chairman Cox. You were clear in your testimony, I believe, 
that it is the view of the Department that the CFO should not 
report to the Secretary and not be confirmed by the Senate; I 
am correct?
    Mr. Carnes. Yes, sir.
    Chairman Cox. And that is OMB's view as well?
    Ms. Springer. Yes, it is.
    Chairman Cox. Mr. Berman, you stated that OIG has no 
position on this change?
    Mr. Berman. That is correct. We have certainly seen it work 
both ways. Our primary concern is that the Department does, in 
fact, follow all of the requirements that fall under the CFO 
Act, and the Department, and Dr. Carnes has pledged to do that.
    Chairman Cox. Ms. Flournoy, you worked at DOD. At the 
Department of Defense, the CFO reports to the Secretary; is 
that correct?
    Ms. Flournoy. Yes, and it requires Senate confirmation.
    Chairman Cox. Did that work in your view?
    Ms. Flournoy. It did.
    Chairman Cox. Is there a reason that you can imagine that 
DHS should be unique among Cabinet level agencies and not have 
that requirement apply to it?
    Ms. Flournoy. Sir, I am not expert in that area so I really 
can't offer you a judgment.
    Chairman Cox. I am going to give Ms. Springer an 
opportunity to convince me that DHS should be the unique 
cabinet department in this case.
    Ms. Springer. I don't know if I will be convincing to you, 
Mr. Chairman, but I will give you a few points of information 
that may be helpful.
    My observation since I have been here over the past year is 
that while the act does require the reporting line to be drawn 
between the CFO and the Secretary, that in practice most of 
those CFOs are working connected to either the Deputy or some 
other Under Secretary, for Management in some cases.
    Chairman Cox. In fact that is right and that reporting 
requirement is as much an imposition of responsibility on the 
Secretary as it is a guarantee of a reporting line to the CFO.
    Ms. Springer. Right. And so I think that what has motivated 
that is to make sure that the Secretary is well plugged into 
financial accountability issues, that he or she takes them 
seriously.
    Chairman Cox. So in a word that the Secretary is 
accountable?
    Ms. Springer. Right. And I think that what we have found at 
the Department in our observation of Dr. Carnes and his 
interaction with Secretary Ridge and that there is that 
continuity or connection, that the Under Secretary facilitates 
that in this case, that the Under Secretary actually is able to 
coordinate the message that gets to the Secretary so he 
receives it in its fullest context.
So its relationship to IT and procurement and other financial 
issues--.
    Chairman Cox. Given the way the other agencies are 
functioning under the CFO Act, is there any reason to think 
that that could occur in DHS in the way that you are 
describing?
    Ms. Springer. It could occur. We have seen the product 
coming out of the Department on par and with the same 
seriousness that we see in other areas. I would say it both 
could work but it was more a sense of the coordination that 
this structure would provide.
    Chairman Cox. Dr. Carnes, are you planning to use outside 
auditors for any purposes?
    Mr. Carnes. The IG is using outside auditors in auditing 
our financial statements as well as doing some of the work with 
his own folks. I could conceivably--I can envision a 
circumstance in which I would hire a team from such an outfit 
to come in and look at an issue that I was concerned about if I 
did not have the staff to be able to do it.
    Chairman Cox. Mr. Berman, do you want to describe your 
plans in this regard?
    Mr. Berman. Yes, sir. Again, Dr. Carnes is correct. We are 
using a firm--we have engaged a firm to do both the audit--
    Chairman Cox. Which firm is that?
    Mr. Berman. KPMG. They have been engaged to do the audit 
for both 2003 and 2004 since in effect you almost need to start 
planning 2004 because of the accelerated time frames.
    Chairman Cox. Can you describe the scope of the engagement? 
What are their responsibilities in connection with the audit?
    Mr. Berman. They are responsible for arriving at an opinion 
on the financial statements presented as a whole. I would also 
clarify for the record OIG's position on the issue that you 
addressed with Dr. Carnes regarding a clean opinion. I 
appreciate Dr. Carnes' optimism that we will have a clean 
opinion. I think from the IG's standpoint we see the road ahead 
a little bit steeper than that. The obstacles are quite 
formidable and I would not want people to at this point expect 
a clean opinion. It will be a real challenge.
    Chairman Cox. Apart from the significant work involved in 
KPMG's engagement to audit the Department's financial 
statements, have we asked KPMG or any other outside firm to 
consult on the subject of the consolidation of financial 
controls within the Department with the 22 legacy agencies?
    Mr. Berman. One of the reasons that we chose KPMG, and in 
fact this case we went sole source for those 2 years because 
KPMG has already done substantive audit work at many, if not 
most, of the big components and we felt that KPMG could bring 
to the process a depth of knowledge about the specific 
operations of those individual components that we could not 
gain anywhere else.
    So now KPMG itself essentially is relying on its own staff 
in areas where perhaps some other IGs--or other CPA firms might 
bring in additional experts, such as in the area of penetration 
tests. They are using their own specialized staff, for example, 
to attempt to penetrate some of the financial systems or the 
networks that those systems are connected to. So essentially at 
this point we are relying primarily on KPMG.
    Chairman Cox. My specific question was are we asking them, 
in addition to their audit work, or are we asking any other 
firm, to offer assistance to the design of financial controls 
in the Department of Homeland Security, which after all is a 
merge of 22 legacy agencies?
    Mr. Berman. At this point, no, sir.
    Mr. Carnes. Actually, sir, that is my job and we have met 
with many of the firms already, and they have wasted no time in 
actually coming to see me because they know that is the 
business that we are going to be in. And we on our staff had a 
lot of familiarity with these firms, having worked with them on 
these kinds of projects in the past. We will be offering an RFP 
for contractor support and it will be substantial. We will 
probably have 350 people involved in this initiative, most who 
will be contractors or subcontractors from one of the major 
firms. Probably one of the major firms, but anyway whoever does 
the best job in the contract. But we will be having a lot of 
outside support.
    Chairman Cox. And this RFP that you have in mind is going 
to cover what?
    Mr. Carnes. It is going to cover the integration of 
finance, accounting, and budget systems across the Department 
and procurement systems, and it is going to develop the plan 
for integrating them and then deploying the solution within 2 
to 3 years.
    Chairman Cox. And when do you expect to issue your RFP?
    Mr. Carnes. In the late winter, early spring. We are 
engaged in a requirements definition process working with the 
components of the Department.
    Chairman Cox. Is it going to be the aim of that undertaking 
to redesign the financial controls of the Department?
    Mr. Carnes. We are not going to throw out anything that 
works but anything that does not work we are going to shoot in 
the head and redesign it.
    Chairman Cox. One of the things that I admire about your 
background is that before you entered government service you 
were an English professor and we need such people in this 
business who can speak English. But I want to be very clear 
what we are talking about here. We have got 22 separate 
agencies all with their legacy systems, 18 material weaknesses 
identified in the most recent audits. A lot of problems. And a 
great opportunity--
    Mr. Carnes. Right.
    Chairman Cox.--to throw out all the trash and do it right 
in a way that works for homeland security, which in fairness to 
all of these agencies was not even their design in the first 
place.
    Mr. Carnes. Right. Right.
    Chairman Cox. That is an ambitious opportunity but it is a 
great opportunity. And my question is, is that what we are 
doing? And is that work that is going to commence essentially 
with the issuance of this RFP next spring?
    Mr. Carnes. Basically, that is what we are doing. We will 
shrink the number of systems way down. We will have solid 
internal controls. It will be JFMIP compliant and it will be 
instantaneous real-time information for our managers, decision 
makers and operators, and we will strangle things that are not 
working.
    Chairman Cox. How do we--when we hire a firm to do this, 
how do we ensure that this is not just a financial exercise? 
Let's take the One Face at the Border initiative of the 
Department. we are putting together APHIS and Customs and INS, 
each of which has separate accounting systems. The way that you 
pick and choose among those or redesign them has a great deal 
of influence on the way people do their work. If we pick the 
INS approach as opposed to the Customs approach, that probably 
makes people at Customs unhappy. How do we make sure we are 
infusing management objectives into this process?
    Mr. Carnes. That is the essence of the requirements 
definition process. We are going to meet--the people who are 
involved here are not just or even financial geeks. We want 
operators who are folks--you cannot manage an organization with 
a financial statement, in response to somebody's question a 
moment ago. You cannot run an organization that way. You have 
to be accountable and produce the financial statements so that 
people know what you did with your money, but you cannot run an 
organization that way.
    You have to have a financial system that has the capability 
of giving you meaningful information. The essence of that is 
the involvement of our senior people throughout the Department. 
It is our expectation that the Secretary will shortly launch 
that initiative and call upon them to be involved from the get 
go.
    Chairman Cox. On the subject of getting useful management 
control information, let me dive immediately into what we 
learned about INS at the end of last year.
    The INS, which Congress abolished and is no more and is 
reconstituted within DHS in two principal parts, was on the way 
in the door unable to provide data on the number of immigration 
applications it received. It could not tell us how many of 
those applications were a work in process and how many of those 
applications were complete. This showed up in an audit because 
there are fees that are paid in conjunction with this, and in a 
flourish of Enron style accounting the Federal Government was 
booking the revenue before it did the work and then lost track 
of the work as a result.
    The proper way to do this, it is my understanding, is to 
book the fee as revenue to the government when you process the 
application and not before. This is something that has been 
identified as a problem. But it is not just a financial 
problem, it is a Homeland Security problem because if we cannot 
track our work flow, there are human beings behind these 
applications and they are the human beings that we are 
interested in putting into our watch lists and tracking in a 
U.S. visit program and in all other aspects.
    So the breakdown of a system that is supposed to keep track 
of the most basic thing, which is I applied, I have an 
immigration application and petition, I sent you a check, and 
we do not even know those figures that is pretty frightening, 
isn't it?
    Mr. Berman. Yes, sir, you are absolutely correct in your 
description of that problem. We are hopeful that the problem 
will be fixed this year.
    The DHS has implemented, the component (CIS) has 
implemented, a new system which is now being tested. To the 
extent that the system has been operating this year, we are 
comparing the results in that system to the actual results in 
selected offices. And hopefully, that will get us over this 
problem.
    Chairman Cox. I am sorry; I was just having someone whisper 
in my ear and I missed your last sentence.
    Mr. Berman. If those tests are successful which the 
auditors are conducting now--comparing the actual applications 
in selected offices with what the numbers are in the new system 
that they have developed--hopefully we will be over this 
particular problem. But this has yet to be seen. Those tests 
are still under way.
    Chairman Cox. We got the same bleak report when it came to 
grants. The amount of money that was missing was rather 
significant over the period between 1993 and 2000 and grant 
programs that are now the responsibility of DHA. $900 million 
just went missing.
    Mr. Berman. Sir, it is not that the funds were missing, but 
basically what happens is these grants are related to 
particular disasters. For some of these disasters, like the 
Northridge earthquake, there is still an office, a FEMA office 
on the West Coast, trying to resolve those issues almost a 
decade after the actual event. Unfortunately, what happens is 
some of these individual grants do not get closed out until 
years after the event. When the auditors arrive, they find that 
some of the funds were not spent in accordance with the actual 
grant agreement, and that is what results in much of those 
questioned costs.
    Chairman Cox. In fact, the $900 million to which you refer 
in your testimony and to which I just referred as well is not 
money that went missing. That is money that was spent for 
questionable purposes?
    Mr. Berman. That is correct, sir.
    Chairman Cox. But there was another $2.6 billion, half of 
which was not apparently spent at all, and that is the money 
that in my mind is missing. What is happening to money that is 
not spent? It is granted, but it is not spent?
    Mr. Berman. Yes, sir, this is basically no-year money. And, 
the reasons are quite varied. In some cases, the States and/or 
the localities simply are slow to develop specific plans to 
meet the State's requirements.
    Chairman Cox. No-year money is the same accounting device 
that we used this year when we created the BioShield program. 
And my understanding of this accounting and this legal 
authority that we are granting in this fashion is that it is 
indefinite so it mimics a permanent indefinite appropriation. 
Are you telling me that there is money that is out there from 
1993 and we are going to get a drawdown on that at some point?
    Mr. Berman. Yes. As far as the money that was cited by the 
former FEMA IG, I don't know the exact status of that. I am 
hopeful that by this time the bulk of that, if not all of that 
money has been spent.
    On the other hand--.
    Chairman Cox. I am not sure. If the grant was made way back 
then and people are just coming up with a reason to spend it 
now, maybe it would be best to jump in with legislation and 
take that money back.
    Mr. Berman. Sir, we are currently looking at the money that 
was awarded by ODP in 2002 to get a more recent understanding 
of how that money is being spent. And similarly, we found most 
of that money has not actually been spent. Now, a lot may have 
been obligated, but as much as 90 percent may still be unspent.
    Chairman Cox. I had intended to go last and wait until all 
the other members asked their questions, but I know that Ms. 
Jackson-Lee was here and wishes to ask questions. Mr. Shadegg, 
I don't know if you wished to ask questions, so I will yield to 
my colleagues.
    Ms. Jackson-Lee. Thank you, Mr. Chairman. I will not have 
time to ask my questions, but I simply would like to indicate 
that my interest is to ensure that there is fiscal 
accountability, and as well I have always been concerned about 
ensuring that grants that are rendered by the Department have 
the opportunity to be directly rendered or given to local 
communities. The process that you have now is that it is 
directed through the States. And so any time we have that 
opportunity to refine that, I know that may be legislative, but 
I would hope that we would be able to take that into 
consideration in terms of the funding. Right now the funding is 
through the States and I believe that is a delaying tactic that 
is not warranted.
    Ms. Flournoy, I think you have talked about threat 
assessment and the necessity of that. Do you have a quick 
response as to the need for having a strategy--Homeland 
Security strategy that would then direct the CFO as to how to 
budget priorities? If you could just give me a quick answer on 
that.
    Ms. Flournoy. Sure. I think developing a comprehensive 
strategy is one of the critical elements of a strategic 
planning process. I think it needs to happen at the interagency 
level, signed by the President, and then within the Department 
of Homeland Security they need to develop their own strategy in 
concert with the President's strategy to go forward.
    Ms. Jackson-Lee. Would that also include local communities 
and States as well, that they do a far-reaching effort in terms 
of input?
    Ms. Flournoy. The focus of the strategy would probably be 
on how the Department is going to use its resources. But to be 
effective they would have to include representatives from local 
and State government and communities as stakeholders in helping 
them define their vision.
    Ms. Jackson-Lee. Thank you for your leadership. I yield 
back.
    I ask unanimous consent to put my statement in the record.
    Chairman Cox. Without objection.
    The gentleman from Arizona is recognized.
    Mr. Shadegg. Thank you, Mr. Chairman. I want to begin, Ms. 
Flournoy, by thanking you. I thank all the witnesses for your 
testimony and for your efforts on behalf of the Department. I 
particularly want to say, Ms. Flournoy, that I agree with you 
and your testimony on the importance of threat-based or 
vulnerability-based assessment. It seems to me any other 
prioritization of the agency's resources or of our Nation's 
resources to protect us against a terrorist attack, other than 
one based on threat, is a mistake. When we do it based on 
population or based on some other type of formula, I think we 
are making a mistake. And this is my own personal bias.
    I strongly believe that the American people expect us to be 
very forward-looking in our approach to homeland security. And 
by that, I mean that I think they want us to be looking at the 
threat before it occurs, doing all of the intelligence we can, 
all of the assessment and evaluation we can, and everything 
humanly possible to preclude those attacks before they occur. 
Now, that is not to diminish the importance of first 
responders. God forbid a future attack is successful in 
inflicting harm on Americans on American soil. But I think the 
Department's focus has to be very aggressively on reaching out 
and looking at where is it that we are threatened? Where is the 
next attack going to come from, where are we vulnerable, and 
how can we prevent that attack if that is at all possible. So I 
encourage you for that testimony and strongly concur in it.
    I want to turn next to Ms. Springer. You put out, I guess, 
a report OMB does each year called performance and management 
assessments. I want to ask a couple of questions out of the 
section of that report on Homeland Security. Apparently what 
you do is you go through program by program. This particular 
program that caught my attention is Disaster Relief Fund Public 
Assistance. As I understand the format, you evaluate the 
purpose of the program, its purpose, its management, its 
results and accountability. On page 43, if you happen to have 
this report, you say that the purpose is very high. You rate 
that as a 90. But then you say the results and accountability 
are very low. And you say for example: ``The program''--now 
this is the disaster relief fund which goes in after a 
hurricane--``the program has no long-term outcome measures, it 
cannot meaningfully track operations with annual performance 
measures and the program fails to adequately screen requests 
for assistance to determine whether Federal help is needed.''
    On a program as important as disaster relief, I think that 
is a very, very telling analysis. And you come back and say 
rating results not demonstrated, meaning they have not 
demonstrated results from their program. The question I want to 
ask is not specifically about that but as a general 
proposition, doing this year over year, do you see departments 
then improve programs of this type? Can we expect that as a 
result of this evaluation, the Disaster Relief Fund Public 
Assistance Program will improve and have you had discussions on 
that topic with DHS?
    Ms. Springer. Okay. It is an excellent set of questions. 
Let me just first say there is someone at OMB who is charged 
with overseeing this Budget and Performance Integration 
Initiative. It is one of the President's management initiatives 
that all the agencies are rated on. I am not that person, but--
so I will provide you with what information I do have and would 
be glad to give you a more detailed answer.
    That program was one of eight programs that was measured 
last year. The whole process of evaluating those programs had 
its inaugural year with that fiscal 2004 budget process and the 
objective was that in rating it, not only the purpose but its 
effectiveness and its results and accountability and all the 
things that you mentioned, would continue from year to year, 
with that being the first year. It will be reviewed again in 
this year's process as well as another nine programs that will 
be added and we will look for improvement obviously.
    The theory behind this whole process is that if the results 
are not demonstrated, it may mean that there is more funding 
required to get it to that threshold. On the other hand, it may 
mean that the funding is not being properly utilized. There are 
a number of conclusions you can draw and it will be reviewed 
again each year after that first inaugural baseline year where 
the results were not demonstrated. And we found that in a 
number of programs, but this process complements and 
supplements what the Department is doing itself.
    Mr. Shadegg. I want to ask the Department about that in a 
moment. This is a flyer explaining that FEMA is funding a 
series of programs, $13.4 million in FEMA money. And albeit 
some of the programs on the list may be important programs to 
be done, I am not certain they should be being done by FEMA. Of 
the $13.4 million they are going to have a year-long 
celebration of trees, gardens and other healing spaces called 
gardens and healing spaces, multicultural dialogue that 
includes a greater discussion of who we are, where we are from, 
why we are here and how we are doing. Theater workshops, 
building trust during war workshop, peace workshop and anger 
management workshop. And I don't know if that comes out of that 
program or elsewhere, and I am not necessarily saying that some 
of these things are not good, but I think my constituents back 
home in Arizona think of FEMA dollars as going in after a 
disaster and doing more specific.
    Chairman Cox. Will the gentleman yield?
    Mr. Shadegg. Yes.
    Chairman Cox. If they are good, they certainly need to be 
renamed at a minimum. And if those are accurate descriptions I 
am skeptical that they are worthwhile.
    Mr. Shadegg. There may have been times that my wife would 
have liked me to have had an anger management class. I am not 
sure FEMA should have been paying for it, and I don't know how 
I feel about a peace workshop and I am not against peace.
    In any event, Dr. Carnes, do you have a comment on either 
the evaluation done by OMB or on this program?
    Mr. Carnes. As the guy who is on the receiving end of the 
grades that OMB hands out, it is a very effective club. I take 
them seriously because OMB then tortures us with the results 
and slashes our budget.
    Mr. Shadegg. I don't want to slash your budget. I want you 
budgeted to do what you need to do.
    Mr. Carnes. It is incumbent upon us to do this right. And 
as much as any--half the time I would say the problem is we 
cannot say what it is we are doing. I said in response to an 
earlier question I want to know what the thing is that we are 
buying. Too often grant folks tend to talk about the process 
they are using. I am interested in the thing, then I can 
measure it. So sometimes it is just that the program cannot 
define what it is about very well or how it is going to do its 
job.
    Sometimes it is because they just do a poor job of 
executing, then you have to either fix--you have to fix it. As 
to that project, it is an interesting project.
    Mr. Shadegg. Maybe I should give you this flyer and you 
could get back to us on those specific projects.
    Mr. Berman. The IG would be interested in the flyer as 
well.
    Chairman Cox. Did that come from OMB?
    Mr. Shadegg. No, it came from a Northern Virginia community 
resilience project that was funded by a FEMA grant. I yield 
back the balance of my time.
    [Information follows:]
    [GRAPHIC] [TIFF OMITTED] T1355.001
    
    Chairman Cox. Does any other member wish to be recognized 
for questions? I have one last question and that concerns again 
the grants.
    Since 1999, Federal law has required that applications for 
these grants be made electronically and that the reporting also 
be accomplished electronically. Is that actually happening, Mr. 
Berman?
    Mr. Berman. It is with regard to the ODP grants, basically 
the emergency preparedness grants. It is not happening with 
regard to the FEMA grants, the disaster assistance. Again--.
    Chairman Cox. That legal requirement does apply to FEMA, 
does it not?
    Mr. Berman. I believe so, sir.
    Chairman Cox. Maybe, Ms. Springer, you could shed some 
light on why we are not in compliance.
    Ms. Springer. I may be able to help a little. As part of 
that grants modernization, that is law, P.L. 106-107, perhaps.
    Chairman Cox. The Federal Financial Assistance Management 
Improvement Act of 1999.
    Ms. Springer. That is right. As part of that the grants.gov 
is going on line with an E-find capability which in effect will 
be like a yellow book on-line for anyone to go on and find 
grants that may be applicable. First responder grants for 
localities. And secondly, there will be an E-apply capability 
that will be going live this fall, and under that capability an 
applicant who finds a grant will be able to apply on-line one 
time entering a set of information that could be utilized for 
any grants that may be plugged into that system in effect. So 
the applicant does not need to repeatedly enter the same 
information.
    It is just a start. It is not in its full-fledged 
capability. But that is the Government-wide answer to making 
that applicable.
    Chairman Cox. What about the E-comply program since we have 
testimony that, quote, FEMA seldom used its enforcement power 
to compel grantees to fix problems even when the grantees had 
long histories of noncompliance? And FEMA was specifically 
cited in one category for serious fraud, waste and abuse.
    Compliance is also, is it not, the subject of this same 
1999 law?
    Ms. Springer. Yes, it is. And another thing that goes with 
that is the Single Audit Act, which requires audits of 
grantees. So that is another piece of this overall grants 
review to make sure that the money is going to the purpose for 
which it is intended.
    Chairman Cox. Dr. Carnes, do you want to comment on this? 
Because it is good to hear that we are aiming for legal 
compliance sometime in the indefinite future. But given that 
the noncompliance is so directly related to fraud, waste and 
abuse, this seems like something we want to leap on.
    Mr. Carnes. It is a problem and we have got to fix it and 
fix it right away.
    Chairman Cox. I appreciate it. The committee will work with 
you on this and stay interested, because the creation of the 
Department is really an opportunity to fix these problems. 
These are problems that DHS inherited. DHS has been around only 
for month, not years, and so I look at this as an opportunity 
to fix the long-standing problems in the legacy agencies that 
you have acquired, to reconfigure them for the Homeland 
Security objectives and to do so with alacrity.
    In that vein, Dr. Carnes, for what it is worth from the 
committee's standpoint, if the time for the issuance of the RFP 
that you described for the audit is either late winter or early 
spring, it would be very pleasing if it were late winter and 
not early spring. The faster the better. My concern is this: 
that very soon it will be the way we have always done it. So we 
have this opportunity now with the creation of this new 
department to change things that otherwise might be impossible 
in government to change. But if we let a year or two slip under 
our noses, then there is not only going to be the old INS way, 
there is going to be the DHS way and people that work at DHS 
will say this is the way we have always done it at DHS.
    This is a golden opportunity. We will only get it once. 
Never again in the history of this cabinet department, which 
will probably live indefinitely, will this golden moment occur 
again. The faster the better.
    Mr. Carnes. Yes, sir.
    Chairman Cox. Thank you for being outstanding witnesses. 
The hearing is adjourned.
    [Whereupon, at 3:00 p.m., the committee was adjourned.]


                            A P P E N D I X

                              ------------

                   Material Submitted for the Record

    Dr. Bruce Carnes Responses to Questions from the Hon. Jim Turner

Question: 1. Would your office benefit from a capability within the 
Department involving the ability to carry out long-range strategic 
assessments concerning the nature of the terrorist threat facing the 
country?
        a. To your knowledge, does the Department possess, or plan to 
        establish, such a specific capability, either in your office, 
        the Under Secretariat for Information Analysis and 
        Infrastructure Protection, or elsewhere?
Answer: The Under Secretary for Information Analysis and Infrastructure 
Protection (IAIP) will provide this capability. Actionable 
intelligence, including long-range strategic threat assessments, which 
can lead to stopping or apprehending terrorists, is essential to the 
primary mission of DHS. IAIP will fuse and analyze information from 
multiple sources pertaining to terrorist threats. This information 
includes foreign intelligence, law enforcement information, private 
sector data, and publicly available information. The Department will be 
a full partner and consumer of all intelligence generating agencies, 
such as the National Security Agency, the CIA and the FBI.
    Timely and thorough analysis of projected terrorists threats and 
the projected threat environment is critical to the Department's 
ability to prioritize program and resource requirements to safeguard 
our homeland. IAIP will provide long-term vulnerability and threat 
assessments as input in preparing long-range planning guidance to 
support preparation of the Future Years Homeland Security Program 
(FYHSP). Program and resource requirements within the Department will 
be prioritized to counter projected terrorist threats.

Question: 2. Would an annual National Homeland Security Strategy 
document, which could include a comprehensive threat and vulnerability 
assessment, aid the Department's program and budget review process?
        a. In particular, would it assist you in developing internal 
        budget guidance for the Department's components, which could 
        result in an articulation of program and budget priorities over 
        the five year span of the Future Years Homeland Security 
        Program?
Answer: Yes, an annual National Strategy for Homeland Security would be 
valuable in helping develop program planning guidance, and for that 
reason the Department is developing an annual DHS Strategy. From that, 
the Department is building a long-term comprehensive planning 
programming and budgeting system to support the Future Years Homeland 
Security Program (FYHSP). The system will align resources to programs 
that support the Department's objectives, demonstrate accountability, 
are performance driven, have identified long term benefits, and meet 
the Department's priorities. As part of this system, the Department 
will issue an annual program planning guidance, based on the Under 
Secretary for Information Analysis and Infrastructure Protection's 
long-term threat and vulnerability assessment, the National Strategy 
for Homeland Security and the Department's strategic plan. The program 
planning guidance will:
         Provide guidance to the agencies in preparing their 
        input to the FYHSP.
         Define the projected homeland security operating 
        environment based upon threat assessments regarding the 
        security of the homeland.
         Define the national homeland security priorities 
        necessary to help achieve and maintain homeland security goals 
        and objectives; and
         Ensure the necessary framework (including priorities) 
        to manage Department resources effectively for successful 
        mission accomplishment consistent with the National Strategy 
        for Homeland Security.

Question: 3. What is the current status of the Department's initiative 
to consolidate the 83 separate financial systems, few of which are 
integrated, that it inherited from its legacy agencies earlier this 
year?
        a. What integration goals have been established, when will such 
        goals be achieved, and how many financial systems is the 
        Department planning to operate when consolidation effectors are 
        complete?
Answer: The Resource Management Transformation Office (RMTO) working 
under the DHS Chief Financial Officer (CFO) has initiated the eMerge\2\ 
Program to transform the business and financial management policies, 
processes, and systems of DHS into a single solution that addresses the 
financial management, acquisition, and asset management requirements 
for the Department. eMerge\2\ is a business-focused program partnering 
the CFO, Chief Information Officer, Chief Procurement Officer, and 
Chief Administrative Officer to deliver a consolidated enterprise 
solution to DHS operators, policy-makers, and decision-makers.

Status
The RMTO has defined the strategic goals and developed the detailed 
program management plans and strategies (e.g., Risk Mitigation, 
Configuration Management) necessary to execute the program. The 
eMerge\2\ acquisition strategy will integrate requirements development 
with alignment to the DHS enterprise architecture, while building in 
quality and program audit.
    The eMerge\2\ Program was reviewed and approved by the DHS 
Investment Review Board (IRB). (The IRB selects all major DHS programs 
that are to go forward, then controls and evaluates their progress. It 
is composed of top DHS Leadership, chaired by the Deputy Secretary of 
DHS and includes the Under Secretaries of Management, EPR, BTS, S&T and 
IAIP. The IRB provides approved programs with strategic guidance and 
ensures alignment with DHS missions, strategies and goals.) The 
approval of this program on September 24th designated eMerge\2\ as a 
DHS program operating under the DHS CFO.

Plans
The program is divided into two major phases. Phase I addresses the 
core requirements that are common for all agencies in acquisition and 
procurement, budget formulation and execution, civilian pay and travel 
settlements, accounts payable, asset management, funds control, general 
ledger and reporting, and accounts receivable. The requirements 
definition will be complete by April 2004. Phase II, which will include 
delivery of a consolidated enterprise solution, will begin with 
implementation at one site in early FY 2005 and implementation at 
additional sites from March 2005 through FY 2006.

    Mr. Richard Berman Response to Question from the Hon. Jim Turner

Question: If the Department was formally made a part of the 1990 Chief 
Financial Officer's Act, would that make it easier for the Office of 
the Inspector General to monitor compliance with it, and, thus, assist 
in ensuring that federal resources are managed appropriately?
Answer: As I mentioned in my testimony, even though DHS is not 
presently subject to the CFO Act, the current DHS CFO, to his credit, 
has pledged to comply with all of its requirements as if he were 
legally bound to do so. We applaud his position, and we will monitor 
and report on whether he adheres to it through our regular audits of 
department programs and operations.
    While the current DHS CFO agrees to comply with the provisions of 
this law even though he is not obliged to do so, his successor may not 
take that position. If a future CFO were not to follow this law, we 
believe that it would be harder for OIG to obtain management's 
agreement to take any corrective actions we might recommend to address 
any deficiencies we might find in the area of financial management.

                                 
