[House Hearing, 109 Congress]
[From the U.S. Government Publishing Office]
DEPARTMENT OF HOMELAND SECURITY INFORMATION TECHNOLOGY MANAGEMENT
CHALLENGES AND THE FUTURE OF eMERGE2
=======================================================================
JOINT HEARING
before the
SUBCOMMITTEE ON GOVERNMENT MANAGEMENT,
FINANCE, AND ACCOUNTABILITY
of the
COMMITTEE ON GOVERNMENT REFORM
and the
SUBCOMMITTEE ON MANAGEMENT,
INTEGRATION, AND OVERSIGHT
of the
COMMITTEE ON HOMELAND SECURITY
HOUSE OF REPRESENTATIVES
ONE HUNDRED NINTH CONGRESS
SECOND SESSION
__________
MARCH 29, 2006
__________
Serial No. 109-173
Committee on Government Reform
Serial No. 109-70
Committee on Homeland Security
__________
Printed for the use of the Committees on Government Reform and Homeland
Security
Available via the World Wide Web: http://www.gpoaccess.gov/congress/
index.html
http://www.house.gov/reform
______
U.S. GOVERNMENT PRINTING OFFICE
29-709 WASHINGTON : 2006
_____________________________________________________________________________
For Sale by the Superintendent of Documents, U.S. Government Printing Office
Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; (202) 512�091800
Fax: (202) 512�092250 Mail: Stop SSOP, Washington, DC 20402�090001
COMMITTEE ON GOVERNMENT REFORM
TOM DAVIS, Virginia, Chairman
CHRISTOPHER SHAYS, Connecticut HENRY A. WAXMAN, California
DAN BURTON, Indiana TOM LANTOS, California
ILEANA ROS-LEHTINEN, Florida MAJOR R. OWENS, New York
JOHN M. McHUGH, New York EDOLPHUS TOWNS, New York
JOHN L. MICA, Florida PAUL E. KANJORSKI, Pennsylvania
GIL GUTKNECHT, Minnesota CAROLYN B. MALONEY, New York
MARK E. SOUDER, Indiana ELIJAH E. CUMMINGS, Maryland
STEVEN C. LaTOURETTE, Ohio DENNIS J. KUCINICH, Ohio
TODD RUSSELL PLATTS, Pennsylvania DANNY K. DAVIS, Illinois
CHRIS CANNON, Utah WM. LACY CLAY, Missouri
JOHN J. DUNCAN, Jr., Tennessee DIANE E. WATSON, California
CANDICE S. MILLER, Michigan STEPHEN F. LYNCH, Massachusetts
MICHAEL R. TURNER, Ohio CHRIS VAN HOLLEN, Maryland
DARRELL E. ISSA, California LINDA T. SANCHEZ, California
JON C. PORTER, Nevada C.A. DUTCH RUPPERSBERGER, Maryland
KENNY MARCHANT, Texas BRIAN HIGGINS, New York
LYNN A. WESTMORELAND, Georgia ELEANOR HOLMES NORTON, District of
PATRICK T. McHENRY, North Carolina Columbia
CHARLES W. DENT, Pennsylvania ------
VIRGINIA FOXX, North Carolina BERNARD SANDERS, Vermont
JEAN SCHMIDT, Ohio (Independent)
------ ------
David Marin, Staff Director
Teresa Austin, Chief Clerk
Phil Barnett, Minority Chief of Staff/Chief Counsel
Subcommittee on Government Management, Finance, and Accountability
TODD RUSSELL PLATTS, Pennsylvania, Chairman
VIRGINIA FOXX, North Carolina EDOLPHUS TOWNS, New York
TOM DAVIS, Virginia MAJOR R. OWENS, New York
GIL GUTKNECHT, Minnesota PAUL E. KANJORSKI, Pennsylvania
MARK E. SOUDER, Indiana CAROLYN B. MALONEY, New York
JOHN J. DUNCAN, Jr., Tennessee
Ex Officio
HENRY A. WAXMAN, California
Mike Hettinger, Staff Director
Tabetha Mueller, Professional Staff Member
Erin Phillips, Clerk
Adam Bordes, Minority Professional Staff Member
COMMITTEE ON HOMELAND SECURITY
PETER T. KING, New York, Chairman
DON YOUNG, Alaska BENNIE G. THOMPSON, Mississippi
LAMAR S. SMITH, Texas LORETTA SANCHEZ, California
CURT WELDON, Pennsylvania, Vice EDWARD J. MARKEY, Massachusetts
Chairman NORMAN D. DICKS, Washington
CHRISTOPHER SHAYS, Connecticut JANE HARMAN, California
JOHN LINDER, Georgia PETER A. DeFAZIO, Oregon
MARK E. SOUDER, Indiana NITA M. LOWEY, New York
TOM DAVIS, Virginia ELEANOR HOLMES NORTON, District of
DANIEL E. LUNGREN, California Columbia
JIM GIBBONS, Nevada ZOE LOFGREN, California
ROB SIMMONS, Connecticut SHEILA JACKSON-LEE, Texas
MIKE ROGERS, Alabama BILL PASCRELL, Jr., New Jersey
STEVAN PEARCE, New Mexico DONNA M. CHRISTENSEN, U.S. Virgin
KATHERINE HARRIS, Florida Islands
BOBBY JINDAL, Louisiana BOB ETHERIDGE, North Carolina
DAVE G. REICHERT, Washington JAMES R. LANGEVIN, Rhode Island
MICHAEL McCAUL, Texas KENDRICK B. MEEK, Florida
CHARLIE DENT, Pennsylvania
GINNY BROWN-WAITE, Florida
SUBCOMMITTEE ON MANAGEMENT, INTEGRATION, AND OVERSIGHT
MIKE ROGERS, Alabama
JOHN LINDER, Georgia KENDRICK B. MEEK, Florida
MARK E. SOUDER, Indiana EDWARD J. MARKEY, Massachusetts
TOM DAVIS, Virginia ZOE LOFGREN, California
KATHERINE HARRIS, Florida SHEILA JACKSON-LEE, Texas
DAVE G. REICHERT, Washington BILL PASCRELL, Jr., New York
MICHAEL McCAUL, Texas BENNIE G. THOMPSON, Mississippi,
PETER T. KING, New York, Ex Officio Ex Officio
C O N T E N T S
----------
Page
Hearing held on March 29, 2006................................... 1
Statement of:
Williams, McCoy, Director, Financial Management and
Assurance, Government Accountability Office, accompanied by
Keith A. Rhodes, Chief Technologist, Applied Research and
Methods, Center for Technology and Engineering; Randolph C.
Hite, Director, Information Technology Architecture and
Systems Issues, U.S. Government Accountability Office;
Eugene Schied, Deputy Chief Financial Officer, Department
of Homeland Security; and Scott Charbo, Chief Information
Officer, Department of Homeland Security................... 5
Charbo, Scott............................................ 70
Hite, Randolph C......................................... 28
Schied, Eugene........................................... 68
Williams, McCoy.......................................... 5
Letters, statements, etc., submitted for the record by:
Hite, Randolph C., Director, Information Technology
Architecture and Systems Issues, U.S. Government
Accountability Office, prepared statement of............... 31
Platts, Hon. Todd Russell, a Representative in Congress from
the State of Pennsylvania, prepared statement of........... 3
Schied, Eugene, Deputy Chief Financial Officer, Department of
Homeland Security; and Scott Charbo, Chief Information
Officer, Department of Homeland Security, prepared
statement of............................................... 72
Thompson, Hon. Bennie G., a Representative in Congress from
the State of Mississippi, prepared statement of............ 110
Towns, Hon. Edolphus, a Representative in Congress from the
State of New York, prepared statement of................... 108
Williams, McCoy, Director, Financial Management and
Assurance, Government Accountability Office, prepared
statement of............................................... 7
DEPARTMENT OF HOMELAND SECURITY INFORMATION TECHNOLOGY MANAGEMENT
CHALLENGES AND THE FUTURE OF eMERGE2
----------
WEDNESDAY, MARCH 29, 2006
House of Representatives, Subcommittee on
Government Management, Finance, and
Accountability, Committee on Government Reform,
joint with the Subcommittee on Management,
Integration, and Oversight, Committee on
Homeland Security,
Washington, DC.
The subcommittees met, pursuant to notice, at 3:05 p.m., in
room 2247, Rayburn House Office Building, Hon. Todd Russell
Platts (chairman of the Subcommittee on Government Management,
Finance, and Acountability) presiding.
Present from the Committee on Government Reform,
Subcommittee on Government Management, Finance, and
Accountability: Representative Platts.
Present from the Committee on Homeland Security,
Subcommittee on Management, Integration, and Oversight:
Representatives Rogers, Meek, and Jackson Lee.
Staff present from the Committee on Government Reform,
Subcommittee on Government Management, Finance, and
Accountability: Mike Hettinger, staff director; Dan Daly,
counsel, Tabetha Mueller, professional staff member; Erin
Phillips, clerk; Adam Bordes, minority professional staff
member; and Earley Green, minority chief clerk.
Mr. Platts. The Government Reform Subcommittee on
Government Management, Finance, and Accountability, joint with
the Homeland Security Subcommittee on Management, Integration,
and Oversight, will come to order.
I would first like to welcome Chairman Rogers, chairman of
the Homeland Security subcommittee, for joining us in this
important hearing today. We will be joined shortly by ranking
members of both committees as well. And if they have opening
statements at that time when they join us, we will allow them
to do so or submit them for the record.
I am pleased to be holding this hearing with the other
subcommittee. I want to thank Chairman Rogers and his
subcommittee for their important work on these issues.
Sometimes management issues are overlooked in the larger policy
debate, but sound management is absolutely critical to the
success of any program.
One of the primary reasons for the creation of the
department was to streamline processes and realize
efficiencies. In short, to spend less on overhead and more on
protecting America. The effective use of information technology
is a key tool in reaching that goal, and today's hearing will
take an important look at the initiatives now underway at the
department.
The success of eMerge2 has broad implications for the
department, and the shared services model that is being
employed will serve as an important test case for the
Government-wide Financial Management Line of Business
initiative being proposed by the Office of Management and
Budget.
Proper management of information technology, the eMerge2
program in particular, is a top priority for our subcommittee,
something we have followed closely for the past 3 years, and it
is something we will continue to focus on.
I look forward to hearing from our witnesses here today and
appreciate the work that you all do in supporting DHS.
[The prepared statement of Hon. Todd Russell Platts
follows:]
[GRAPHIC] [TIFF OMITTED] T9709.001
Mr. Platts. I now have the pleasure of recognizing the
chairman of the Homeland Security subcommittee, Chairman
Rogers.
Mr. Rogers. Thank you.
Today, we are holding a joint hearing to examine the status
of the department's financial management resources and the
integration of its information technology systems.
I would first like to thank Chairman Platts and Ranking
Member Towns for working with us on this hearing today. Our two
subcommittees do share a common goal of strengthening the
department's financial management while safeguarding taxpayer
dollars.
I would also like to welcome our panel of distinguished
witnesses and thank them for being here today. I know you are
busy, and it is very kind of you to take the time to be with
us.
When the department was formed in March 2003, it inherited
19 different financial management systems. Through
consolidation, that number is now down to eight. In 2004, the
department announced a new initiative referred to as eMerge2.
This effort would bring the entire department under one
centralized financial management system.
To accomplish this, DHS has spent approximately $18 million
to begin the program, which was estimated to cost over $229
million. Late last year, however, the department abruptly
canceled the contract and shifted the direction of eMerge2.
Today, we hope to hear what went wrong with the contract,
what, if anything, the department received for its $18 million,
and what the department plans for the future of eMerge2. We
also will examine the steps the department is taking to
integrate its information systems.
I was disappointed to see, for example, that the department
had recently received an ``F'' on the Government Reform
Committee's annual computer security scoreboard for the 3rd
year. Today, I hope we will find out why that grade hasn't
improved.
And with that, I will be happy to yield back to Chairman
Platts, and thank you again for this joint hearing.
Mr. Platts. Thank you, Chairman Rogers.
And we will proceed to our witnesses. We are pleased to
have four distinguished guests with us today as part of this
hearing. As part of our process here of the subcommittee, we
would ask all four of you to first stand and be sworn in.
[Witnesses sworn.]
Mr. Platts. Thank you. You may be seated.
A clerk will note that the witnesses affirmed the oath.
We are pleased to have with us, first, Mr. McCoy Williams,
Director of Financial Management and Assurance, the Government
Accountability Office; Mr. Randy Hite, Director, Information
Technology Architecture and Systems, Government Accountability
Office; Mr. Eugene Schied, Acting Chief Financial Officer,
Department of Homeland Security; and Mr. Scott Charbo, Chief
Information Officer, Department of Homeland Security.
All four of your written testimonies have been submitted
for the record. And again, we appreciate you being here with
us.
Mr. Williams, we are going to start with you, if you would
like to proceed with your opening statement?
STATEMENTS OF McCOY WILLIAMS, DIRECTOR, FINANCIAL MANAGEMENT
AND ASSURANCE, GOVERNMENT ACCOUNTABILITY OFFICE, ACCOMPANIED BY
KEITH A. RHODES, CHIEF TECHNOLOGIST, APPLIED RESEARCH AND
METHODS, CENTER FOR TECHNOLOGY AND ENGINEERING; RANDOLPH C.
HITE, DIRECTOR, INFORMATION TECHNOLOGY ARCHITECTURE AND SYSTEMS
ISSUES, U.S. GOVERNMENT ACCOUNTABILITY OFFICE; EUGENE SCHIED,
DEPUTY CHIEF FINANCIAL OFFICER, DEPARTMENT OF HOMELAND
SECURITY; AND SCOTT CHARBO, CHIEF INFORMATION OFFICER,
DEPARTMENT OF HOMELAND SECURITY
STATEMENT OF McCOY WILLIAMS
Mr. Williams. Thank you.
Mr. Chairmen, it is a pleasure to be here today to
participate in this joint oversight hearing on the Department
of Homeland Security's ongoing efforts to effectively manage
its information technology projects.
Today, we would like to provide our perspectives on the
importance of DHS following best practices in developing and
implementing its new financial management systems.
Specifically, we would like to discuss the recurring
problems we and others have identified in agencies' financial
management systems development and implementation efforts,
point out key financial management system modernization
challenges at DHS, highlight the building blocks that form the
foundation for successful financial management system
implementation efforts.
First, our work and that of the IGs over the years has
shown that agencies have failed to employ accepted best
practices and systems development and implementation that can
collectively reduce the risk associated with implementing
financial systems. These are commonly referred to as
disciplined processes.
In our recently issued report, we identified key causes of
failures related to disciplined processes, such as requirements
management, testing, and project management. As a case in
point, we recently reported that the initial deployment of a $1
billion Army system intended to improve depot operations was
still not meeting users' needs. One reason was a breakdown in
the requirements management process.
Agencies have also faced challenges in implementing
financial management systems due to human capital management
issues related to strategic work force planning, human
resources, and change management. By not identifying the right
people with the right skills, agencies reduce their chances of
successfully implementing and operating new financial
management systems. For example, we identified human capital
problems in systems projects at IRS, HHS, and VA.
Second, DHS faces unique challenges in attempting to
develop integrated financial management systems across the
breadth of such a large and diverse department. DHS inherited a
number of redundant financial management systems from 22
diverse agencies. Among the weaknesses identified in prior
financial audits were insufficient internal controls or
processes to reliably report basic financial information.
According to DHS officials, they recently decided to change
the direction of eMerge2 project, which was supposed to
consolidate and integrate the department's financial accounting
and reporting systems. DHS's revised shared services approach
will allow DHS components to choose from existing financial
management service providers, mainly from within DHS.
Third, based on industry best practices, we have identified
four key concepts that we believe will be critical to DHS's
ability to successfully complete its planned migration to
financial management shared services providers.
The four concepts are developing a concept of operations,
defining standard business processes, developing a strategy for
implementing DHS's approach across the department, and defining
and effectively implementing disciplined processes. Careful
consideration of these four concepts, each one building upon
the next, will be integral to the success of DHS's strategy.
In closing, with DHS at an important crossroads in
implementing financial management systems, it has an excellent
opportunity to use these building blocks to form a solid
foundation on which to base its efforts and avoid the problems
that have plagued so many other Federal agencies.
This concludes our statement. We will be pleased to answer
any questions.
Thank you.
[The prepared statement of Mr. Williams follows:]
[GRAPHIC] [TIFF OMITTED] T9709.002
[GRAPHIC] [TIFF OMITTED] T9709.003
[GRAPHIC] [TIFF OMITTED] T9709.004
[GRAPHIC] [TIFF OMITTED] T9709.005
[GRAPHIC] [TIFF OMITTED] T9709.006
[GRAPHIC] [TIFF OMITTED] T9709.007
[GRAPHIC] [TIFF OMITTED] T9709.008
[GRAPHIC] [TIFF OMITTED] T9709.009
[GRAPHIC] [TIFF OMITTED] T9709.010
[GRAPHIC] [TIFF OMITTED] T9709.011
[GRAPHIC] [TIFF OMITTED] T9709.012
[GRAPHIC] [TIFF OMITTED] T9709.013
[GRAPHIC] [TIFF OMITTED] T9709.014
[GRAPHIC] [TIFF OMITTED] T9709.015
[GRAPHIC] [TIFF OMITTED] T9709.016
[GRAPHIC] [TIFF OMITTED] T9709.017
[GRAPHIC] [TIFF OMITTED] T9709.018
[GRAPHIC] [TIFF OMITTED] T9709.019
[GRAPHIC] [TIFF OMITTED] T9709.020
[GRAPHIC] [TIFF OMITTED] T9709.021
[GRAPHIC] [TIFF OMITTED] T9709.022
Mr. Platts. Thank you, Mr. Williams.
Before we move to Mr. Hite, we are pleased to be joined by
the Homeland Security subcommittee ranking member, the
gentleman from Florida, Mr. Meek. And I believe you would like
to make an opening statement?
Mr. Meek. Thank you, Mr. Chairman.
I will make some brief comments, and I will enter the rest
of my statement for the record.
I am glad that both of our subcommittees have come together
to have this hearing. This is the first time the Homeland
Security and Government Reform Committees have had an oversight
joint hearing as far as we know here, here at this level.
But the fact that these two committees have come together
today says a lot about the level of concern for Department of
Homeland Security. I can tell you, as the ranking member of the
oversight committee, the Homeland Security subcommittee, I am
becoming more and more concerned with these kinds of hearings
after the incident has happened and after the taxpayers' money
has been wasted.
I am also very concerned about the fact there is so much
attrition over at the Department of Homeland Security, so that
once you set the plan to recover or to make sure it never
happens again, you have a whole other set of players in place.
I am interested in learning today at this hearing how the
corrections to make sure that the incident that has happened
never happens again and jeopardize national security is put
into place so that we don't have to have another hearing such
as this one.
This has very serious consequences for our national
security, and I agree with many of the points that were made in
the GAO report. Looking forward to hearing more about it.
And with that, Mr. Chairman, I would like to just enter the
rest of my comments for the record so that we can get the
testimony, and we will have time for question and answers, sir.
Thank you. Yield back.
Mr. Platts. Thank you, Mr. Meek.
And without objection, the rest of your testimony is
entered into the record.
And we will proceed, Mr. Hite, if you would like to proceed
with your opening statement?
STATEMENT OF RANDOLPH C. HITE
Mr. Hite. Thank you, Chairman Platts, Chairman Rogers,
Ranking Member Meek.
Let me begin by commending this subcommittee--or both
subcommittees for holding this hearing on IT management at DHS,
a subject that is, without question, as challenging for the
department as it is important. Suffice it to say that while
effective IT management is not the end all and be all when it
comes to transforming the department, this transformation
cannot occur without it.
My statement today addresses the state of IT management at
DHS and what I view as two interrelated planes. The first is
establishing institutional or corporate-level IT management
controls, and the second is actually managing individual IT
programs in accordance with these controls.
In effect, this collection of control mechanisms can be
viewed as providing the means to desired end, that is,
delivering systems that are on time and on budget and produce
required capabilities and promised benefits.
My bottom-line message is there has been mixed progress on
these fronts. But overall, the department is not yet where it
needs to be.
To expand on this bottom line, let me first set the stage
by identifying some of these institutional controls that I am
referring to, all of which are spelled out in my written
statement, and then focus on the department's performance thus
far in implementing them, using key system investments as
examples.
One control is having and using an enterprise architecture,
which can be viewed as a department-wide operational and
technological blueprint that provides an authoritative frame of
reference to guide and constrain the structure and the content
of IT investments.
Another is applying engineering and acquisition discipline
and rigor when defining and designing and developing and
testing and deploying and maintaining these IT systems.
A third is having people with the right knowledge, skills,
and abilities to execute all of these disciplines. And
transcending each of these controls is an empowered Chief
Information Officer to make it all happen.
Over the last 3 years, we have reported on varying levels
of progress in these areas. For example, we pointed out that
the department's first version of its enterprise architecture
provided a foundation upon which to build, but it was missing
important content which limited its utility.
Since then, the department has improved its approach to
managing the architecture and has issued updated versions of
it. The latest version includes some of the missing scope, and
the department plans to keep building on this.
We also found the department has introduced a standard
template for capturing information about investments alignment
with the architecture, although it has yet to document a
methodology with explicit criteria for determining the degree
of alignment.
As another example, the department continues to recruit,
hire, and train IT professionals, but has yet to develop a
strategic approach to IT human capital management that provides
for, first, understanding the current and needed work force
numbers and qualifications and then pursuing explicit
strategies for filling current and projected gaps in these
capabilities.
Now, concurrent with its ongoing efforts to strengthen
corporate IT governance, the department has continued to invest
heavily in new and enhanced systems, including IT
infrastructure, such as shared networks, consolidated data
centers, and IT systems better known for their catchy titles,
such as ACE and US-VISIT and Secure Flight, to name a few.
To the department's credit, some of these investments have
resulted in increments of capabilities to assist DHS employees
in doing their jobs. Examples include the initial core of a
department-wide sensitive, but unclassified network known as
OneNet, the entry side of US-VISIT, and the first four releases
of ACE.
However, other capabilities, such as the Atlas
infrastructure initiative, the exit side of US-VISIT, and
Secure Flight as a whole, are not operational after years of
work.
We have also reported that these and other IT investments
have suffered from management weaknesses that both have caused
problems and increased the risk of future problems.
Examples include poor requirements definition, inadequate
testing, limited program planning, unreliable cost and schedule
estimating, poor security management, limited staffing,
inadequate risk management, absence of independent verification
validation, limited earned value, to name more than a few. Some
of these weaknesses have been corrected on some programs, but
others have not.
So having said all of this, what needs to be done? Part of
the answer lies in the litany of recommendations that we have
made to address each of these institutional and program-
specific areas. To the department's credit, it has largely
agreed with these recommendations, and some have been
implemented. However, most are still works in process.
In my view, our recommendations provide a comprehensive
framework for strengthening DHS's IT management and increasing
the chances that its investments will successfully play their
roles in transforming how the department operates and how well
it performs. We look forward to working constructively with the
department in implementing them.
This concludes my statement. I would be happy to answer any
questions whenever you choose.
[The prepared statement of Mr. Hite follows:]
[GRAPHIC] [TIFF OMITTED] T9709.023
[GRAPHIC] [TIFF OMITTED] T9709.024
[GRAPHIC] [TIFF OMITTED] T9709.025
[GRAPHIC] [TIFF OMITTED] T9709.026
[GRAPHIC] [TIFF OMITTED] T9709.027
[GRAPHIC] [TIFF OMITTED] T9709.028
[GRAPHIC] [TIFF OMITTED] T9709.029
[GRAPHIC] [TIFF OMITTED] T9709.030
[GRAPHIC] [TIFF OMITTED] T9709.031
[GRAPHIC] [TIFF OMITTED] T9709.032
[GRAPHIC] [TIFF OMITTED] T9709.033
[GRAPHIC] [TIFF OMITTED] T9709.034
[GRAPHIC] [TIFF OMITTED] T9709.035
[GRAPHIC] [TIFF OMITTED] T9709.036
[GRAPHIC] [TIFF OMITTED] T9709.037
[GRAPHIC] [TIFF OMITTED] T9709.038
[GRAPHIC] [TIFF OMITTED] T9709.039
[GRAPHIC] [TIFF OMITTED] T9709.040
[GRAPHIC] [TIFF OMITTED] T9709.041
[GRAPHIC] [TIFF OMITTED] T9709.042
[GRAPHIC] [TIFF OMITTED] T9709.043
[GRAPHIC] [TIFF OMITTED] T9709.044
[GRAPHIC] [TIFF OMITTED] T9709.045
[GRAPHIC] [TIFF OMITTED] T9709.046
[GRAPHIC] [TIFF OMITTED] T9709.047
[GRAPHIC] [TIFF OMITTED] T9709.048
[GRAPHIC] [TIFF OMITTED] T9709.049
[GRAPHIC] [TIFF OMITTED] T9709.050
[GRAPHIC] [TIFF OMITTED] T9709.051
[GRAPHIC] [TIFF OMITTED] T9709.052
[GRAPHIC] [TIFF OMITTED] T9709.053
[GRAPHIC] [TIFF OMITTED] T9709.054
[GRAPHIC] [TIFF OMITTED] T9709.055
[GRAPHIC] [TIFF OMITTED] T9709.056
[GRAPHIC] [TIFF OMITTED] T9709.057
[GRAPHIC] [TIFF OMITTED] T9709.058
[GRAPHIC] [TIFF OMITTED] T9709.059
Mr. Platts. Thank you, Mr. Hite.
Mr. Schied.
STATEMENT OF EUGENE SCHIED
Mr. Schied. Thank you, Chairman Platts, Chairman Rogers,
Ranking Member Meek, for allowing me this opportunity to
testify before you regarding the Department of Homeland
Security's plans for its financial management systems and the
future of the eMerge2 program.
The Department of Homeland Security continues to make
progress in improving financial management, but the progress
admittedly does not come easy or quick.
Our accomplishments to date reflect the rigorous effort of
our financial management personnel and are evidenced by things
such as the timely completion this past November of DHS's
consolidated financial statements for the first time and the
submission of those statements for audit, the unqualified
opinion on the balance sheet this past year by the Customs and
Border Protection, our work on internal controls to date, and
OMB's A-123 implementation and implementation of the OMB A-123
requirements, including the completion this past year of the
GAO assessment tool used by DHS components to support the
assertion made by the Secretary at the end of the year.
And financial systems and accounting service successes to
date that include, as mentioned by Chairman Rogers, the
reduction of the number of financial service providers to date
from 18 down to 8, a CBP and Secret Service implementation
successful of new financial management systems, and the U.S.
Coast Guard and FLETC becoming financial service providers to
other components within the Department of Homeland Security.
Particularly regarding systems, and specifically the
department's eMerge2 program, it did not progress as we had
originally planned, and DHS still needs to improve greatly its
resource management systems. We have some systems that are
aging. Others that fail to meet user requirements. Some that
are not fully integrated between finance, procurement, and
asset management.
To meet these needs, rather than acquiring, configuring,
and implementing a new system solution, as we initially started
with the eMerge2 program, we are now looking to leverage
investments that have already been made, both inside DHS and
outside.
By closely monitoring contract performance under the
initial attempt at the eMerge2 solution implementation, we were
able to determine really within several weeks of letting the
initial eMerge2 task order that we had issues with how the
project was progressing.
We determined that the project had veered unacceptably off
schedule, and we worked with the contractor in an attempt to
get the project back on track. But when the risks ultimately
were deemed to be too great, we chose to allow the blanket
purchase agreement to expire and to retool our approach to meet
our systems needs.
Specifically, the primary reasons we decided to stop with
the effort to build the new system solution include contractor
performance issues; the challenge of undertaking a major change
while still building the basic organizational capabilities
within DHS to manage a project of this magnitude; consideration
of the overall financial management issues faced by DHS, such
as those cited in the annual financial audits; and recognition
that recent DHS component financial systems and servicing
successes, such as those I have just mentioned, presented
viable alternatives to standing up a new system.
We are now in the replanning effort of our eMerge2 effort
to improve financial systems. We are looking at leveraging
system investments that have been made to date, not only those
within DHS, but also at the OMB financial management centers of
excellence. And we are developing a 5-year plan not only for
the improvement of financial management, but also how
improvements in financial management services have to tie in
with systems including internal controls and financial
reporting.
The eMerge2 program is an important element of improving
financial management in DHS, but it is vital as DHS moves
forward that the eMerge2 program not be viewed as separate from
the larger context of financial management, which includes not
only systems, but people and processes.
Our efforts to fix audit weaknesses, improve financial
management, strengthen internal controls, and modernize
financial systems are all interrelated activities. Accordingly,
before jumping headlong into further systems and service
provider changes, DHS has to make sure that the prerequisite
steps of solidifying financial management are taken.
Central to eliminating all of DHS's reported material
weaknesses and obtaining a clean financial statement audit
opinion is a credible and enforceable corrective action and
remediation process. This year, DHS is entirely revamping the
corrective action process. It will be more standardized, and it
will be more disciplined.
Among our changes for this year are identifying root causes
and underlying issues of our pervasive material weaknesses,
particularly those involving fund balance with Treasury and
financial reporting; formalizing a corrective action process
through a management directive, through guidance, through
training, then utilizing the authority from the Office of the
Secretary to overcome cultural shifts and secure management
commitment; leveraging an automated tool to help us track our
corrective action process.
We will also be partnering with the inspector general's
office to ensure that our progress is monitored and that
management is held accountable for the progress.
In conclusion, while the eMerge2 program did not progress
along the path we had originally envisioned, we managed the
project in such a way that enabled us to minimize our risk and
make course corrections before substantial sums of taxpayer
dollars were expended.
We are now moving along a path that will enable us to
achieve our original goals of providing decisionmakers with
critical resource management information, but at less risk to
the Government. The new approach will also enable us to better
incorporate needed improvements in DHS financial management
practices into the design and rollout strategy of our new
approach.
Thank you again for the opportunity to testify here today,
and I especially thank you for your leadership and continuing
support in Homeland Security and its management programs. And I
would be happy to answer any questions.
Mr. Platts. Thank you, Mr. Schied.
Mr. Charbo.
STATEMENT OF SCOTT CHARBO
Mr. Charbo. Thank you, Chairmen Platts and Rogers, Ranking
Member Meek.
I would like to focus my comments on capital control
processes and IT governance within the Department of Homeland
Security.
Currently at DHS, the IT Strategic Plan and Enterprise
Architecture are developed from the DHS Strategic Plan, the
Future Years Homeland Security Program [FYHSP], and the
Secretary's Planning Priorities. These assist in framing our
governance processes as we manage IT programs.
The department's current IT budget is controlled and
invested by the Capital Planning and Investment Control [CPIC]
process. The department's enterprise architecture process,
coupled to our CPIC process, ensures the department optimally
invests and manages its annual budget.
The investment strategy at the department is taking a
review of the systems via portfolio view. These portfolios are
managed through a Joint Resource Council [JRC], of the
department leadership, then an IRB board, which reviews for
major investments by each of those portfolios.
Portfolio investments must meet specific criteria in order
to be continuously funded. They must align to the DHS mission,
have clear performance metrics. They must meet program and
project control criteria as measured by earned value and
demonstrate delivery of discrete technical capability at key
milestones throughout the life cycle of the investment.
In addition, the investment performance is assessed against
the entire portfolio to ensure that budget dollars are
allocated to initiatives that are delivering the most value to
the mission.
Our strategy of alignment, integration, and architecture is
centered on the Technical Reference Model of the enterprise
architecture. The TRM is used to establish standards and
initial integration throughout DHS. These standards are
enforced through the EA governance process.
The eventual goal is to align requirements and reduce the
number of products being used for particular functions to the
standard products laid out in the TRM. We feel this will
enhance information sharing as well.
The department has the proper IT governance for its
programs through the CPIC process and the Enterprise
Architecture Board for the enterprise architecture. A strong
part of this governance is the CIO Council. This consists of
the department CIOs and the CIOs of the major components. This
council provides a collaborative forum for DHS-wide IT
decisionmaking, allows for the socialization of these
decisions, and acts as the architecture board that is chaired
by myself.
The benefits of the council finalizing and disseminating
the EA and CPIC processes are many fold. It aligns the
investment decisions to the FYHSP goals and objectives,
balances DHS resources across transformational portfolios and
objectives, identifies redundancies in integration
opportunities across DHS, and it maintains enterprise-level
OMB, PMA, and congressional compliance.
As the department moves forward with eMerge2 to achieve a
clean financial opinion, standardization of DHS accounting
structure and financial management business rules, processes,
and procedures, those same principles mentioned--of proper
program management, requirements alignment, IT governance, and
risk mitigation--will be applied.
Thank you. I look forward to your questions.
[The prepared statement of Messrs. Schied and Charbo
follows:]
[GRAPHIC] [TIFF OMITTED] T9709.060
[GRAPHIC] [TIFF OMITTED] T9709.061
[GRAPHIC] [TIFF OMITTED] T9709.062
[GRAPHIC] [TIFF OMITTED] T9709.063
[GRAPHIC] [TIFF OMITTED] T9709.064
[GRAPHIC] [TIFF OMITTED] T9709.065
[GRAPHIC] [TIFF OMITTED] T9709.066
[GRAPHIC] [TIFF OMITTED] T9709.067
[GRAPHIC] [TIFF OMITTED] T9709.068
Mr. Platts. Thank you, Mr. Charbo, and, again, all four of
our witnesses for your written testimony and oral statements.
We will go into questions, and we will try to stay roughly
to the 5-minute alternation between the Members.
Mr. Williams, Mr. Hite, if we could start with kind of the
big picture? And GAO has done a yeoman's job of trying to work
with the department's agencies in putting forth the principles
that your statement is talking about of what you need to do up
front before moving forward with a major overhaul in your
financial management plans.
And yet despite your efforts, we have seen some challenges
in how that has moved forward across the Federal Government,
including here, where we had about $9 million spent on the
initial eMerge2 plan and then a decision not to go that route
and start over.
In your combined experiences, in looking at the Federal
Government compared to the private sector, how common what we
are seeing in the Federal Government, whether it be DHS or we
have seen it with DOD a number of times with huge sums--as much
as $130 million spent before we pull the plug--how similar is
that in the private sector, or does the private sector do a
better job of kind of pre-planning and weighing all of those
considerations before moving forward?
Mr. Hite. One thing I would mention to start off is it is a
lot easier for GAO to point out what should be done than to
actually do it. So doing it is the harder part. So I just want
to recognize that on the part of the department.
But comparing public sector and private sector, a couple of
things come to mind. One of which, similar outcomes,
unsuccessful outcomes in the private sector are not going to
get the publicity that they are going to get in the public
sector. There is just not that kind of transparency that goes
on.
So my reading has shown that there are ample examples in
the private sector where particularly COTS-based solutions have
not been implemented successfully. And the reasons they have
not been successful are pretty much the same as we found--have
found across the board in the Federal Government.
They deal with the fact that when--the premise or the
supposition that is made by some when you are implementing a
COTS solution is the product exists. All there is--all you have
to do is implement it. What is going to take so long, or what
is the big deal? Let us move this thing along. Let us have it
in place and operating in a matter of months.
But the reality of it is implementing a COTS solution is as
difficult as it is designing and developing and implementing a
custom solution. You still have to go through the same type of
rigor and discipline in doing so, in clearly defining your
requirements and making sure that they are complete and
unambiguous that they can be, in fact, implemented properly
within that COTS solution.
There is a whole other issue associated with COTS
solutions, and that is when you are buying that package, you
are buying the embedded processes that go with that. And so,
what you are talking about is changing the way that your
organization does business. And so, that is a huge change
management challenge that has to be dealt with.
And that is not only just changing processes, but you are
actually going to have people change their jobs, change their
roles and responsibilities. And so, not only do you have to
identify those kind of things, but you have to prepare the
people for that kind of change, too. And that is something that
you have to start doing up front.
So that is a little bit of my perspective on the comparison
of the two.
Mr. Platts. Mr. Williams.
Mr. Williams. And that is consistent with what we have
observed also. I would agree fully.
Mr. Platts. Mr. Schied and Charbo, looking back and I
realize not in your exact position that you are in today, but
your role in the department and your knowledge of how the
initial eMerge2 plan was laid out, is there lessons learned
that you could share with us today?
What maybe could have been done different that would get
you to where you are today with the shared services model
approach that you are taking versus having spent time and money
on the initial approach?
And then also could you expand on what type of interaction
up front went on between CFO's office and CIO in deciding on
kind of the department-wide approach?
Mr. Schied. In terms of lessons learned, I guess there were
certainly a mix of sort of the positive and the negative.
I think the positive was the fact that we did monitor the
program quite closely. There was earned value management, IV&V
quality control process in place that, again, gave us the
warning flags literally within weeks that there was a
divergence in where we were going. And so, enabled us to be
able to take action and to work to try and address that before
we got too far down the path.
In terms of sort of going back to when eMerge2 was first
launched, as you know, I was not in this position, and there
was quite a period where I wasn't at Homeland Security as well,
some of the lessons learned I think on the management side
were, as I mentioned, first, just sort of the organizational
capacity to be able to pull off a big project like this so
early in the formative stages of the department.
The amount of staffing that we had within the CFO's office.
I joined the CFO's office literally just months after it first
opened, and there were 20 people or so in the CFO's office at
that time, in total. Most of them, actually, on detail.
So I think there was some underestimation of the amount of
management attention that is needed to produce a successful
outcome in a project like this. And that perhaps wasn't taken--
sort of fully taken into account.
Also, as I mentioned, eMerge2 was perhaps initially a
little too separated from the overall realm of financial
management within DHS in sort of recognizing some of the issues
that existed in DHS financial management. You can't broken
processes, ineffective processes, poor internal controls, and
just throw them onto a new financial system and expect success.
I think when DHS first stood up--and it really wasn't until
the 2004 audit that we had the first sort of full scope review
of DHS as a consolidated entity--I think by that time, it
became obvious where some of the real internal controls and
material weakness challenges were.
And so, I think that sort of wasn't necessarily known at
the outset of eMerge2, but was certainly part of what came into
play as we went through really the past year, year and a half
in trying to assess where we go first. There is a certain,
again, prerequisite level of, I think, baseline operations that
one needs to master before one sort of goes off and does
another realm of transformation. It has been quite
transformation enough just getting DHS pulled together, and
those challenges still remain.
In terms of--just before I throw it over to Scott--
collaboration, eMerge2 did go through the initial investment
review process. It was a far probably less mature process back
a couple of years ago when it first started than it exists
today.
It was actually prior to sort of the second round of
investment review process the eMerge2 was going to go through
basically to get the green light to move forward when it became
obvious that the project wasn't succeeding fast enough, and
there was no way we could take it through the investment review
process further and expect basically permission to continue on.
There were simply too many issues.
So I think having that process and that discipline in
place, knowing that you have to go before your peers on the
Investment Review Board and justify your program and explain
what is going on certainly makes managers accountable as to
what they are presenting.
Mr. Platts. Thank you.
Mr. Charbo.
Mr. Charbo. I would concur with what Eugene said. Coming
into the department at the time, they asked me to take a look
at it from a new perspective of the eMerge2 project before the
cancellation, and I think we commented on some of the same
points already briefed in the testimony.
But it seemed as if, you know, there was a complex
migration strategy of moving many variables at once, which may
not deliver some of the outcomes.
Our view from the IT side is not to overcomplicate things
but assure, I think, the goal of a clean opinion in the
accounting processes. When looking at the requirements, I think
again it was overly complex, and I would concur with what GAO
was stating about requirements management in this case.
Coming from the private sector, I think we tend to make it
a bit more simple, a bit more specific in the result. And I
think, in this case, there were large wish lists and then not
quite sure how to get there in the project.
The procurement strategy as well may not have been optimal
in that case. I think that is not unique to DHS. I think
procurement is a challenge across the Government at the present
time. So coming up with the right procurement strategy in this
case is also a requirement.
Mr. Platts. Thank you.
And I certainly don't want to diminish the challenge of
this effort and the timing of it, having just consolidated 22
agencies, 170,000 employees, and all the different management
systems, then trying to move forward. But you know, so we want
to acknowledge that as one of the challenges in addition to the
specific financial management aspect of the reform.
And I guess the good news is that this process, Mr. Schied,
that you reference that were in place to see where you were,
that you were at that roughly $8 million to $9 million and said
we don't want to go further, as opposed to going through that
$229 million in total, as has happened at DOD already. And have
the whole sum spent and then realizing it doesn't do what we
need it to do. So those checks and balances certainly were
important to not getting any further down the road.
I now recognize Chairman Rogers for the purpose of
questions.
Mr. Rogers. I thank the chairman.
Mr. Hite, you opened up making reference to the need for
corporate-like institutional controls, and then you went on
afterwards to make the point, you recognized these are easier
things to find than to resolve.
But in your opinion, why are we having problems finding
corporate-like institutional controls and systems being
implemented in DHS? Is it something inherent in the public
system, in your view? Why isn't that happening?
Mr. Hite. With respect to the corporate controls, even in
an organization that has been around for a while, like, you
know, pick your department du jour--Department of Defense--
trying to get all the different components to come together and
want to pursue a line of strategy that is in the best interests
of the whole as opposed to the best interests of their
respective parts is a cultural change that has to occur.
And this whole notion of taking an institutional approach
to how you manage IT forces that cultural change, and there is
an inherent resistance to it. Now you take 22 agencies----
Mr. Rogers. But isn't there an inherent resistance, even in
the private sector, to change, period? Why is the private
sector able to bring that change about, and we can't see it in
these public entities?
Mr. Hite. I would submit that there are cases in the
private sector where they aren't successful at bringing about
those kind of changes, and in some cases, those institutions go
out of business. There is the survivability of those
organizations from a financial standpoint that is a great
motivator. You know, fear and fear of failure is a tremendous
motivator.
In the Federal sector, these organizations have been around
a long time, who came together with all the right intentions
from a component standpoint, doing what they thought was the
best interests of the component. To drop that because a
department was formed and say, ``I'm willing to suboptimize
what I am doing for the betterment of the department as a
whole,'' would be a tough pill to swallow.
And I think that for that kind of cultural change, a couple
of things have to be in place. And I think there has to be, No.
1, there would have to be stable and very strong leadership
from the top. And there would have to be--part of that
leadership would be a vision of how, collectively, the parts
are going to work together for the betterment of the whole.
And then there would have to be--from the human capital
side, there has to be performance and accountability built in
to how individuals are challenged, expectations are given to
them, and how they are rewarded. And I think those would be the
keys to the success and making that happen faster.
I would say there is evidence that it is beginning to occur
at the department.
Mr. Rogers. I am anxious to see that. I mean, everything
you described I agree with.
But I make reference to the corporate-like reference that
you used in your statement because one of the things I see in
the private sector in business is people don't try to reinvent
the wheel as much as we do and as much as we see on the Federal
level. You find somebody that is doing something that works,
and you replicate it.
And DHS, Customs and Border Protection got a clean
financial audit, and the financial management systems they have
seem to be working. Why aren't we seeing the replication of
that in the other agencies? What are they doing right that the
other agencies aren't?
Do they have a better technology? Do they have better
software systems? Why did they get a clean audit? Why are they
making it work and the other agencies are not? And I throw that
to anybody. Eugene, you might want to take it first.
Mr. Schied. I would say in the case of Customs and Border
Protection, knowing what I do of their implementation of SAP,
they did it, I think, in a very deliberative process, a very
phased process.
The financial reporting, the general ledger was, I believe,
the last part of SAP that they stood up after they had done
procurement and asset management. So I think that--and that is
exactly the kind of what you described in terms of the reuse is
what we are now looking to do.
I want to--CBP did something. They seem to have gotten it
right. The auditors have come in and this past year were able
to give them an unqualified opinion on the balance sheet. We
have some other successes within DHS.
Over the past couple of years, the Coast Guard became the
service provider to the Transportation Security Administration.
They have some audit issues. But from a where do we go forward,
you know, trying to decide whether you go for sort of the
ultimate, which is, as Scott described, a system that sort of
meets all your requirements, has everything that you could
possibly want in it, versus just getting something that works
and meets the basic needs.
Mr. Rogers. It would seem logical to me that would be a
success of approximation of what Scott referenced.
Mr. Schied. Yes.
Mr. Rogers. To find something that works and replicate it
and then work toward to the ideal.
Mr. Schied. Right.
Mr. Rogers. Do you all sense that is what is happening? Do
you all sense that is the desire of the department?
Mr. Schied. Yes, for financial systems, and I think it is
probably true with other systems as well. That is certainly
where we are at.
Mr. Rogers. Great.
I want to shift just a minute to Mr. Williams and talk
about human capital. We are going to be talking about that
issue more in our subcommittee later. But you talked about the
human capital asset problems you found.
Well, tell me more about that. Tell me what shortcomings
you found in the area of human capital that stood out to you.
Mr. Williams. The bottom line in the area of human capital,
we looked at it from the perspective of what DHS should be
considering as they go forward in trying to implement new
systems and, as we like to say in the financial management
arena, achieve overall accountability of its operations.
What we noted is that during the 1990's, there was a
downsizing, and it was not just in the IT community, but across
Government. You had some reductions, downsizing in the area of
human capital. What the agency needs to do is to look at
basically what are our needs in the area of human capital, and
what do we currently have? And basically, we call that a gap
analysis.
What mix do we need? What type of experts do we need in
these various areas in order to get the systems that we need
and to get those systems operational? And what mix of people do
we need to address what I consider another major component of
trying to address this overall problem of accountability, and
that is to put the policies and the procedures in place in
order to produce information that is timely, reliable, and
available for day-to-day decisionmaking.
Mr. Rogers. Let me understand now. What you are making
reference to was you saw system shortcomings, not shortcomings
in human capital assets?
Mr. Williams. Well, saying that the agency needs to look at
what it currently has in place and come up with a strategy as
far as what is needed and make a determination what is the gap
between what I have and what I need in order to get to that
goal that I am trying to achieve down the road.
Mr. Rogers. I understand. The reason why I raised that
issue is, it seems to me, that we have a real problem. And
Ranking Member Meek brought it out in his opening statement. We
have a real turnover problem in the upper levels of management
throughout DHS. And it seems to me that is part of the reason
why we are finding these shortcomings in not just in systems
management, but in other areas as well.
Mr. Williams. Yes.
Mr. Rogers. I didn't know if you had noted that in your
review or not?
Mr. Williams. One of the things that we point out in the
review or in the analysis of documents that we put together is
that, first of all, you have to have the commitment from top
management.
Management has to be committed to the effort of what is
going on in the area of trying to achieve accountability,
trying to get systems in place, trying to improve the internal
control environment, efforts to eliminate the material
weaknesses that the outside auditors have reported on, efforts
to get the agency in compliance with key laws and regulations
that the auditors have identified, as well as reportable
conditions that the auditors have identified.
You need that commitment from the top, not only in words,
but you need it in action. It needs to be a long-term
commitment because a lot of these problems that we are talking
about today and efforts that need to be underway in order to
address these issues and to achieve ultimate accountability, it
is not going to happen overnight. So you need that long-term
commitment.
Mr. Rogers. You are also going to have to have stability at
the top, and we are not seeing that right now.
Mr. Williams. That is correct.
Mr. Rogers. I see my time is about up. So I will yield. I
am looking forward to the next round of questions, though.
Thank you, Mr. Chairman.
Mr. Platts. Thank you, Chairman Rogers.
I would like to recognize we have been joined by the
gentlelady from Texas, Ms. Jackson Lee. Thank you for being
part of the hearing, and I now recognize Ranking Member Meek
and then Ms. Jackson Lee.
Mr. Meek. Thank you, Mr. Chairman.
I guess this is for our Chief Financial Officer. I know
that you are acting at this time, Mr. Schied. I am assuming you
are acting, and someone is holding confirmation at this point.
Am I correct?
Mr. Schied. Yes.
Mr. Meek. OK. I appreciate your service. You mentioned
something about 2 years at the department?
Mr. Schied. I was actually at the department for a year
when it first stood up, as the budget officer. I left for a
year and then chose to come back.
Mr. Meek. Good for you. But good for, hopefully, a little
consistency there. We keep sending that message, but it is
something that we have to deal with in our subcommittee with
the department to try to make sure that folks are able to have
an opportunity to stay at the department.
Mr. Williams, you spoke in a very eloquent way that it has
to be a commitment from the top. But as we have the revolving
doors, and I just want to share with the committee this article
that was in the USA Today of the ``Brain Drain Hits Homeland
Security.'' And it talks about not just analysts leaving, but
individuals that are sitting at this table making decisions and
making statements before Congress.
I want to just--I guess, Mr. Schied, if I could--ask you a
question. You mentioned something about the eMerge2. You say
you pulled the plug on it. You used that term ``pulled the
plug'' before a lot of money was spent.
How much money was spent? Because I am a little confused. I
have in your written testimony here, it says that the total
expenditure on eMerge2 contract with BearingPoint under the
implementation of BPA--I guess that is the acronym for it--was
$8.9 million.
And then in a letter that was sent yesterday afternoon in
response to Chairman Rogers and my letter that was dated on
February 8th, on the second page, it says that the first phase
of the Program 1, $9.4 million was spent, and then after that,
the $8.9 million was spent on 2 for a total expenditure of
$18.3 million. Is that correct, sir?
Mr. Schied. That is correct. There were two phases of the
project. The first phase was largely a requirements phase, and
that was the $9.4 million that went to a couple of different
contractors, and then $8.9 million was under the blanket
purchase agreement.
Mr. Meek. OK. Since your letter is not in the record, it
was sent yesterday. I got it yesterday, and I believe the
chairman got it yesterday. It was not in the record, I just
wanted to make sure that was a part of our record here.
Mr. Platts. Without objection, it is included.
Mr. Meek. Thank you. Thank you, sir.
Also, I guess one of the reasons why I wanted to get into
that area because of the attrition rate at the department. We
are going to have a new-found commitment to making sure that
this works.
I know that, Mr. Charbo, you have this council that you sit
down with, with your other Chief Information Officers or
information office at the Department of Homeland Security. I am
going to give you some level of comfort, if you ask for it or
not.
In our subcommittee markup that we just had under the DHS
Management Operations Improvement Act, we gave you line
authority. Because I believe reading this report that I am
looking at here, that is what needs to happen. You have to have
the authority to be able to carry out the mission, and I am
concerned about that.
And Mr. Charbo, if I can ask you a question, under your
existing--because we have legislation moving through the
process that will--it is not about you. It is about your
position. Giving you that line authority, will it help you
implement the recommendations that the GAO has spent a lot of
time on in pointing out?
Mr. Charbo. It will. I mean, it will take some of the
arguments away.
Mr. Meek. I think what is important now is for, hopefully,
the department above your, I guess, pay grade to embrace that
philosophy that you just answered. I am glad you answered
truthfully because if someone was to ask me do I want line
authority, I would say yes because I want to lead, and I don't
want to do it by committee.
And I think it is important for us to be able to carry it
out if we are going to implement any of these. I mean, what is
happening right now and I think the reason why we have the
attrition we have, Mr. Chairman, is the fact that folks are
doing things by committee. And it is just not going to evolve.
Now there was another point in the report that I may want
to come back to, since we only have a few Members here, that
would allow us to deal with the question, it was in the
report--and I guess it is for the GAO, whichever one of you
wants to answer it--on page 11 that talks about fixing
requirements dealing with the system costs, anywhere from 10 to
100 times more cost. I'm sorry. Ten to 100 times the cost of
fixing it when requirements are defined.
Do you know what I am referring to, sir?
Mr. Williams. Yes.
Mr. Meek. I want you to kind of elaborate on that because I
do have a question after that, if you could?
Mr. Williams. OK. We will get our chief technologist to
talk to that particular point.
Mr. Platts. Do you want to state for the record--and
actually, Mr. Rhodes, could we have you stand and take the
oath?
[Witness sworn.]
Mr. Platts. OK. The clerk will reflect an affirmative
answer. Thank you.
Please proceed.
Mr. Rhodes. Mr. Meek, the variation is you have to think
about software development sort of like you are firing a
missile, and you are not directly aiming at your target, but
you are going to do these course corrections along the way.
Well, if you are trying to hit your target and you don't do any
adjustments until later on, then you have to burn up a
tremendous amount of fuel to hit your target.
Well, here is the same situation. If you don't get clear
definition of your requirements up front and certainly if you
wait further on to where you are actually in final system
integration or certainly if you are in deployment or in
operations, then it takes a tremendous amount of money per line
of code to fix it.
And the greater concern associated with that is the
problems that you introduce trying to fix things that arise.
You fix one problem and make five more. So it is not just that
one problem now costs you a lot more money. It is that problem,
plus the other five you made now cost you a lot of money. You
have to fix it up front rather than on the back end.
Mr. Meek. OK. Well, that comes down to the implementing of
the program, especially under our new way of doing business, I
would assume, at the department.
Mr. Rhodes. Absolutely.
Mr. Meek. So that is so very, very important. I see that my
time has expired.
Hopefully, Mr. Chairman, we may get another round of
questioning, and I can get a little further clarification. But
thank you for that explanation. I yield back.
Mr. Platts. Thank you, Mr. Meek. And we do plan to come
back around.
And before we move on to Ms. Jackson Lee, the previous
witness, Mr. Keith Rhodes's title, Chief Technologist at the
Government Accountability Office. So that we have that in the
record.
Thank you. Ms. Jackson Lee.
Ms. Jackson Lee. Thank you very much, Mr. Chairman.
That is about the way I feel. Let me go back to just an old
contract that may be just that because it is in the history.
And I just wanted to find out when the blanket contract was
given to BearingPoint and SAIC, two of them, it looks like one
was given in 2003, and then a subsequent one was given, and it
was subsequently put on hold. After less than a year, however,
the CFO put eMerge2 on hold.
Did any of these contracts have performance provisions to
them? Who can answer that? Measuring sticks of their
performance? What is the terminology of a blanket contract?
Mr. Schied. That is a blanket purchase agreement.
Ms. Jackson Lee. Right.
Mr. Schied. That meant that there was going to be an
overall $220 million project or $229 million project divided up
into specific task orders. And in the case of the blanket
purchase agreement for eMerge2, we had a first task order. It
was a firm fixed-price task order for $20 million. There were
specific----
Ms. Jackson Lee. And so, it was task specific? You do this
task for $20 million?
Mr. Schied. It was actually a series of tasks, a series of
deliverables. And there was a schedule associated with that,
and it was that each of the tasks in the various schedule that
BearingPoint was to follow that allowed us to track their
progress and to know in a fairly short amount of time that
there was a divergence between their performance and what the
contract called for.
Ms. Jackson Lee. And did you all track the performance?
Mr. Schied. Yes, ma'am.
Ms. Jackson Lee. And what did you find? So, in essence, you
had performance standards? I mean, what did you have to assess
whether the work was being done and done timely?
Mr. Schied. There was a project plan that identified
everything that was supposed to be done under the contract. And
then as products were delivered, they went through an
acceptance process by the Government to determine whether or
not the products that were being submitted met what was called
for under the contract.
Ms. Jackson Lee. I guess we don't have an IG here. Is there
someone that believes that was this an effective approach, Mr.
Schied? Was this an effective approach?
Mr. Schied. Oh, I would say that it was in that we, again,
quickly found out that there were problems, that the products
that were being delivered weren't on time. They weren't
acceptable. There is actually a chart that looks like this that
we used to track the progress, and you will see a fair amount
of red there. That indicated that there wasn't success that we
had expected.
So that, again, we, within a matter of weeks, realized it
was not going right, called essentially at first a timeout.
Ultimately decided that we were going to abandon that task
order altogether. And rather than pay the $20 million, which is
probably what costs were incurred, we wound up paying under
this particular task order $6 million, which was the value of
the products that we had ultimately accepted.
Ms. Jackson Lee. Was this a settlement without court? Was
this an internal, inner response that you got working with the
company, saying that they had not performed?
Mr. Schied. Yes. Correct.
Ms. Jackson Lee. And so, the only amount that you paid was
$6 million?
Mr. Schied. Well, there were a couple of different
contracts. And under this blanket purchase agreement, there
were two different task orders.
Ms. Jackson Lee. So you total up to what?
Mr. Schied. Again, under this particular task order or
under the blanket purchase agreement, this one was $8.9
million.
Ms. Jackson Lee. OK. So let me just in the course of that
backdrop, are you now prepared to describe how eMerge2 the
contract will be designed and awarded to ensure the best value
for the taxpayer?
For example, will the contract be open to full and fair
competition? And how do you plan to structure the contract to
ensure that the contractor delivers on time at or below cost?
And are you somewhere in this process where the Homeland
Security and the merger of all these different accounts can
finally get a hold of the enormous stream of money that seems
to be pouring out with no supervision, no checks and balances?
Mr. Schied. At this point, we are going through a
replanning phase. I believe at this point, we have abandoned
any notion that we are going to go back and rebid that
contract, that blanket purchase agreement that we had initially
entered into.
We are taking a totally different path. We are looking at
reusing investments that have already been made, either through
the OMB lines of business or leveraging existing investments
that have been successfully implemented within DHS.
I don't see that there is going to be another contract like
there was with BearingPoint. We have decided to go a different
route. We believe it will be less risk and less costly.
Ms. Jackson Lee. But I am sorry. Can I just hear the
different route that you are going?
Mr. Schied. Oh, certainly. We are going through each--there
is a DHS--when eMerge2 was initiated, at that time, looking
across the systems that were in place within DHS, there were
notable weaknesses in all of the systems. None of them
completely met, for example, the JFMIP requirements.
Since DHS came together in 2003 and since eMerge2 was
initiated in 2003, there have been a number of changes. OMB has
endorsed a lines of business approach. Customs and Border
Protection has implemented successfully a core financial
system. The Coast Guard has upgraded their core system and
taken on the role of a service provider. The Secret Service has
implemented a new system.
So the environment has changed quite a bit since we
initiated eMerge2. So it was a combination of factors of not
being successful with where we were going with eMerge2 and
seeing that the environment changed and there were
opportunities that we could leverage that is taking us a
different direction.
Ms. Jackson Lee. Mr. Chairman, I thank you for the
indulgence. I was going to ask for an additional 1 minute. I
was going to ask unanimous consent for an additional 1 minute.
I would just say to you that I know that the hearing has
been going on for a while. I was in a Science Committee
hearing. So I am directing this to the attention of the
chairman.
The gentlemen here are certainly fine public servants, but
I am just shocked at the repetitiveness of what keeps coming up
about expenditures. I know this is on one particular area, and
I hear the acting director, and I appreciate his commentary.
But $20 million was already spent, and they had to just let
that go.
In New Orleans, that is a separate story, but I think this
is an important, enormously important challenge that we have,
and I don't know how we are going to complete it. But
certainly, there needs to be a great deal more work because
money just seems to be spilling out with no accountability.
And I don't know if bells are ringing, but let me just pose
a question that maybe we can get--there are reports here, I
understand that. But maybe we can get, at least pointedly on
this issue, is just what money we lost? What money has been
wasted in sort of a lump sum?
And I yield back.
Mr. Platts. Thank you, Ms. Jackson Lee. Appreciate the
challenge here with schedules of us having to be at three or
four different spots at once throughout the day.
We did have earlier testimony about the sums, the $8.9
million, and in the written testimony that goes into some
detail of how it was spent. And certainly if there is a
specific followup question you would like to submit, we will be
keeping the record open for 2 weeks as well, if there is
something more specific you would like them to provide.
I want to pick up kind of where we were there with Ms.
Jackson Lee on the cost and certainly in the intent of this
hearing is to learn of what has transpired and, as asked
earlier, what lessons have been learned and, hopefully, what
knowledge has been gained, even though you haven't gone forward
with the department-wide eMerge2 program. What did you learn
from the dollars spent that you can now put to good use with
the new approach?
And so, that we are being responsible with taxpayer funds.
And especially for this department, it is so critical because
any dollar that we do lose is a dollar that is not available to
actually be out there defending the country and our citizens.
So your work is critically important to the lives of our
citizens and to their security.
With the new approach, originally you envisioned the
department-wide approach, $229 million. And now with the new
approach, is there a dollar figure? I know in the testimony we
talk about that you have $48.4 million available in the current
fiscal year. You have asked for an additional $18 million in
the 2007 President's budget. So right there, we have about
$76.5 million.
Do you have a figure, taking this new shared services
approach? What do you envision total cost being as compared to
that $229 million?
Mr. Schied. I think it would be a bit preliminary for me to
really give you very finite estimate. Let me say in terms of
the work that was done to date on eMerge2, there are a number
of products that were produced under the original--under the
money we basically already spent that will still be, I think,
quite helpful for us going forward.
For example, all of the requirements that were identified.
Rather than looking to find a COTS system and to build that out
to meet all of the requirements, it serves as a useful
reference model when assessing other systems that are in place
to determine what gaps there were.
That is, what did we want? What can we get out of one of
these existing systems? Where are the gaps, and what do we do
about closing the gaps? Either decide that it is not that
important or decide that we are going to conform, or obviously,
we will need to conform to what is in place, but is there
something about what was in the original requirements versus
what we would be moving to that, going forward, say, if we were
to reuse the CBP system or the Coast Guard system that we would
want to keep an eye on to possibly upgrade at some point in the
future?
A lot of the costs are still going to be the same. That is,
there was under the original eMerge2 project, there was going
to be a data warehouse to give us greater visibility, to give
management greater insight into information. And that will
still be a part of the project and probably even more
importantly so.
The cost of cleaning up data and migrating components from
the system we are on now to whatever the new target system will
be, those costs will still be similar. I think in terms of
total project range, quoted probably in the order of $150
million to maybe $200 million.
And so, I think it is probably less expensive than where we
were going before. It will also be stretched out, I think, over
a greater period of time versus where we were going before.
Mr. Platts. On that specific point, one, my hope is I
understand you can't give an exact figure or exact numbers, but
in that saying it is a little preliminary, it kind of comes
back to where we started is the hope that there is a pretty
definitive plan of where you are going that should give you
some guidance of what your costs are going to be as opposed to
saying, well, we know we are going to spend $66.5 million, but
not really know what that end cost is going to be.
Well, that gets into the issue that we need to know that
now, not a year from now, well, it is actually going to be $300
million, not $150 million. So that does concern me that there
has not been a better fleshing out of what that is going to be
in the end.
Mr. Schied. Well, we are still deciding just sort of who
will be sort of clustering around. I mean, I want to reuse
systems, but I don't know at this point whether I am sending
everybody to one system or I am sending people to perhaps two
different systems, if they will be inside the department or
outside.
That is part of the planning phase that we are going
through now and that I foresee somewhat will depend on the
timing of the confirmation of the next CFO, for him to be able
to put his stamp on it. But sometime in the May/June timeframe
is when I want to take it back through the investment review
process.
Scott right now controls all of my money, and he is pretty
hard about making sure that before I spend it, I know what I am
going to do with it.
Mr. Platts. Well, Scott, that is a good approach. Stay
focused on that approach.
On the timeframe, May to June, as to when you kind of think
you will have that plan and come back to that review, you
talked about it may be over a longer period of time because
originally, in the original plan, it was by this year, 2006----
Mr. Schied. Right. We would be up on that.
Mr. Platts [continuing]. We would have that department-wide
plan. So now we are kind of starting over. Do you have a
timeframe that you believe you are going to be able to pursue?
Mr. Schied. Well, I mean, it is complicated by, again, our
recognition of simply the challenges we face in terms of
improving financial management in DHS. Most of the--many of
sort of the first wave of components that were to migrate to a
new system are currently being serviced by Immigration and
Customs Enforcement. They contribute in a fairly significant
way to the material weaknesses that we have in the department.
Mr. Platts. Right.
Mr. Schied. I walk the line between how fast I can say get
their customers off their system and being serviced by somebody
else and how much I need Immigration and Customs Enforcement to
be able to fix the problems they have, which go not only to
servicing, say, me because I am a customer of them, but also
what supports their mission.
I am at the point now where I have to focus probably for
the next 18 months on Immigration and Customs Enforcement and
the Coast Guard, improving their material weaknesses and
improving controls before we are really ready about moving
people onto different systems.
Not to say that a lot of the work can't happen--there is
work that can happen concurrently. We are not going to be
sitting around for 18 months, figuring out what we are going to
do with eMerge2. But it is not going to be like a September
2006 kind of decision at this point.
Mr. Platts. And you touch on exactly where I was going to
go next. I am going to wait until we come back around to the
next round. But on those centers and the problems that some,
ICE and the Coast Guard already have and the ability to
actually migrate within the department given some of the
challenges that you have. But I will come back to that on the
next round.
I recognize Chairman Rogers.
Mr. Rogers. I want to stick with Mr. Schied and go back to
your reference to leveraging existing programs or investments.
Tell me more about what you mean by that.
Mr. Schied. Well, what happened over the past couple of
years while eMerge2 was not making success, there were a number
of successes going on within DHS. The Coast Guard became a
service provider to TSA. That is, TSA was on Transportation's
system. They weren't happy with that. They were going to be a
part of the eMerge2 solution, but they wanted to move fairly
quickly, quicker than we were going to schedule them for
eMerge2.
And so, they approached the department, along with the
Coast Guard, asking to be able to move from Transportation onto
the Coast Guard system. Both of them had been in Transportation
together.
But CFO Maner basically green-lighted that, allowed it to
happen. And in 2005, TSA got not only the systems, but the
financial services through the Coast Guard. And it was seeing
that worked, and it seemed to work reasonably well, and seeing
where CBP had upgraded their system or Secret Service had put
in a system, we realized, look, other people are having some
successes at this. We are not being that successful.
OMB at the same time has, over the past year, promoted
their lines of business. It really, I think, fostered a lot of
the same kind of thinking, led us to the conclusion there are
probably things here we can leverage.
I mean, I now have half of the department, depending on how
you want to measure it, on the Coast Guard, between Coast Guard
and TSA being about half of the employees in the Department of
Homeland Security.
Mr. Rogers. So, in a nutshell, you are talking about
replicating what they are doing in other agencies?
Mr. Schied. That same idea, yes.
Mr. Rogers. OK. Mr. Charbo, what do we get for $18 million?
Mr. Charbo. I think--as Eugene pointed out, I think the one
deliverable they have is the requirements baseline. That is
reusable. That is not a short-term tasking. That is not an easy
tasking. As has been pointed out, we have had 22 different
systems and components that we were trying to bring in, all
with the different wish lists of wanting to get to a different
objective.
So I believe what they got is that understanding of where
those requirements are and some of the documentation it would
take to move forward.
Mr. Rogers. I want to go back and talk a little bit more
about human capital. You made reference in your comments
earlier that you were one of the people who were with the CFO's
office when the department was originally stood up. Is that not
correct?
Mr. Schied. I was.
Mr. Rogers. You were?
Mr. Schied. Yes.
Mr. Rogers. I am sorry. I got the wrong note on the wrong
pad.
What percentage of those people are still around?
Mr. Schied. Percentage wise, very few. I mean, I could
probably--again, there were maybe, a rough number, 20, when I
joined, and it was shortly after DHS was stood up, actually in
May 2003. I am guessing there is probably maybe one or two that
are actually still within the CFO's office.
Mr. Rogers. In your opinion, is that a significant factor
in the problems that we are talking about here today in these
management systems, or is that really an aside?
Mr. Schied. I think specific to the CFO's office, it is
somewhat an aside. I think the overall issue, sort of the
bigger issue is just the number of people versus the turnover.
There certainly has been turnover, and particularly with
the office that is managing this particular project, there has
been quite a bit of turnover, particularly since we decided to
change direction. It is not really what the team envisioned.
Mr. Rogers. The turnover throughout these departments,
whether it is in the CFO's office or information systems, you
don't think that personnel turnover is really the big reason
why we are having problems?
Mr. Schied. Oh, I think it does--I think it adds something
to it. I would say particularly where we are at today versus
where we started out, I mean, today, the CFO's office is
somewhere between 80 and 90 staffed at versus the 20. I mean,
when things started out, it was just very, very scantily
staffed. Certainly some turnover does play its role, too,
though.
Mr. Rogers. I do think it was Mr. Charbo that made the
point that you saw real problems in the procurement process.
Was that you or Mr. Schied?
Mr. Charbo. I did make the statement that----
Mr. Rogers. Tell me about the shortcomings that you see in
the procurement process.
Mr. Charbo. Well, this is in general. It is awfully
difficult to put together procurements in Government that are
sort of focused on performance based that meet the general
outcomes. I mean, often we have multiple procurements that
overlap that you need to align those, integrate integrators
toward a common goal.
The timelines certainly are a challenge in a lot of the
procurements. I mean, that is my perspective also coming in
from outside of Government. I think that is a difference. You
were asking differences earlier. I think that is a clear
difference, and being able to make decisions and procure those
and start the projects on a faster note.
Finding the right vehicles, going through the processes,
answering the questions that come in. That takes a long time,
and that puts a burden on important key projects.
Mr. Rogers. All right. And the last thing I want to ask
about is this ``F'' that for the 3rd year the department has
gotten from the Government Reform Committee's annual
assessment, and I throw this out to anybody. Why is this
continuing to happen?
Mr. Charbo. Let me--I will comment on that. I think the
first thing is, is coming into DHS, again, I changed the
project around. You know, where we were is not where we wanted
to be in that certification progress. I believe we had 20
percent or less of our systems certified and accredited.
We made it a key objective. It is one of my major
initiatives. We had the Secretary make it one of his major
initiatives. He wanted to make it that. We had him kick the
project off at an IT security conference last October.
And since that point, we are at 62 percent of our systems.
Our goal at this point is we wanted to be at least 50 percent
complete. So we are on target of meeting our 100 percent by the
end of the year. That is our goal. That is our objective.
We have made our executives accountable for that goal. They
don't have any other performance mark. We made it real easy for
them. Your goal is 100 percent certification and accreditation.
So that is where we are moving toward. I think we are on
the right plan, and we are looking to change that ``F'' next
year.
Mr. Rogers. Thanks a lot.
Mr. Platts. Thank you, Chairman Rogers.
Ranking Member Meek.
Mr. Meek. Thank you, Mr. Chairman.
Mr. Charbo, I want to ask you a quick question. I know that
your predecessor, Steve Cooper, planned to develop the
department-wide IT strategy plan. That plan was supposed to be
released in the end of 2004. The plan still has not been
released. Two years have passed, and the department has spent
millions, if not billions, on technology without having a
strategic plan.
Do you believe that the department needs to have a
strategic plan? And if I missed something and they do have a
strategic plan, please share it with me.
Mr. Charbo. We will share it with you. There is a
department strategic plan, and our IT strategic plan does align
with that department-wide plan. We are also in the process of
creating a new strategic plan for IT. But we have a document
that is our IT strategic plan, and we could share that with
you.
Mr. Meek. When was that document developed?
Mr. Charbo. I believe it pre-dates myself as well. I am not
sure of the exact publish date.
Mr. Meek. OK. We would like to get a copy of it----
Mr. Charbo. Sure.
Mr. Meek [continuing]. So we will know exactly what is
happening.
Also, I guess this is for you, Mr. Hite. I understand that
there was some mention of the Coast Guard and the whole
integration, but I understand that the Coast Guard is servicing
TSA for its financial management activities. Please explain how
that works specifically as is each component running the same
system, or has the same system been customized for each?
And please explain the difference between consolidating
them on the same system and allowing them to have similar core
systems with customization? What impacts does it have on
integration efforts?
I am asking that because this is all going as we start to
step off again to hopefully not step back in the same hole we
just got out of. You can kind of elaborate on that a little
bit.
Mr. Hite. I will actually ask my colleague, who is the
financial management expert, to respond.
Mr. Meek. Whichever person that can answer that question
better. We are all for the best information.
Mr. Williams. OK. Basically, when you are talking about a
service provider, it is similar to the National Finance Center
that provides a payroll service for various agencies in the
Federal Government.
You have your operation in which you are processing
transactions, be it accounting transactions or what have you,
and that information is processed. You have policies and
procedures within your organization as to how you are going to
operate or your concept of operations. And information through
various means is provided to the service provider. It could be
manually, electronically, or what have you.
That service provider would then actually process that
financial data, that information, and produce reports and
provide that information for the entity or the organization
that it is providing the service for.
Mr. Meek. So I don't think they have the same system. That
is my question. I mean, they don't have an individual system, a
customization. Is that needed?
Mr. Schied. The Coast Guard and TSA do use two different
instances of the Oracle system that the Coast Guard has in
operation. That was part of the agreement when TSA came over.
There were a number of improvements that they wanted to see
made.
Again, the Coast Guard does have a number of cited
weaknesses. The TSA in assessing the Coast Guard system wanted
some improvements. And if the Coast Guard--I think the Coast
Guard, even if they didn't become a further service provider,
very much wants to be able to standardize on the TSA instance
of the system because I think they see it as an improvement
over what they had, and that will just take some time and money
for them to do that.
I think if anyone is a service provider, they generally
want to have a single instance of the system, the single
version that all of their customers are serviced on rather than
trying to operate multiple and somewhat different versions of
the system.
Mr. Meek. Yes. And you can see where the concern comes in.
Even when you look at personnel issues or you look at mission,
there are a lot of, you know, ``This is my little spot here in
Department of Homeland Security, and don't you dare cross that
line.''
I mean it's almost like Mr. Charbo here, who has a great
job. They have this council, and I don't think that there is a
person at the head of the table who says, ``Well, we talked
about this at the last council meeting. Why don't you have
it?'' And no one feels a level of urgency to carry out any of
these reports that we have.
Mr. Chairman, I keep driving to that because we have a
situation where taxpayers' money was wasted and national
security was jeopardized. And you know, this is not about the
crop report, you know, as it relates to corn or whatever the
case may be.
I don't want the National Corn Growers Association to get
upset with me, but the real issue is this, is that this is
national security. And you know, I feel and Chairman Rogers, we
tried to address many of the management issues in our mark. But
I think that it is important that we look at when you say
``best practices'' or things that we have learned, I think that
we have something to learn as policymakers.
We believe that we have a department that we can say,
``Well, this is the way it should be done because we are the
representative of the American people,'' and you say, ``OK,
fine.'' But you go back to the department, and then you have
these little kingdoms that are out there, and they all have
gates and drawbridges and all of those different things.
And unless we give you the authority, which we have, in
your case, to be able to carry out the mission and look at a
GAO report and say, ``OK, fine. This is what we are going to
use as our beacon of light toward improvement, then let us do
it.''
I don't know. Maybe I should buy lunch for you every
Friday. I want you to stay in place so that we can get this in
line. You know, I am joking. I am trying to be a little funny.
But at the same time, we have to have a mission statement
that will carry on even when the next person comes into the
office, saying, ``Well, this is what we already have going.''
Because someone could look at it and say--it is like a letter
almost. If I write a letter in my office, I hand it to my
senior advisor. She looks at it. She changes it. It goes to the
chief of staff. He looks at it. He changes it.
And so, everyone starts changing this letter, and sooner or
later, it is going to lose the original intent that I had tried
to, I guess, share with the person I was writing the letter
with.
But Mr. Chairman, I believe we are going to have to address
it because I think we have people here, people of good will who
I know everyone at that table is for national security and for
accountability and for saving the taxpayers money. But I think
that we are going to have to further dig into how can we
hopefully continue to fine-tune and sharpen?
I think the department is a pencil and is dull, and we just
need to sharpen it because when it is dull, it is kind of hard
to write with. I think that is what you all are going through
on a daily basis. We just need to get down to the bare facts of
what is needed. That is difficult, and we understand that, but
we don't want to have to legislate in haste.
I think the department was, even though there was some
thought went into it, it was a kind of ``We need to do this
now. So let us do it.'' And now it has happened. Folks are
getting more cemented in and in quick-drying cement, saying
that this is the way the cookie is going to crumble. It doesn't
work, especially when we are trying to make this happen.
Mr. Chairman, that would be the conclusion. I won't have
any closing statements. I wouldn't want to ask for another
round. But I just want to thank you and Chairman Rogers for
putting this hearing together. I think it was very insightful
not only for me, but also for the staff that is listening.
Some of the questions were answered. We were able to get
some good things into the record.
Mr. Platts. Thank you, Ranking Member Meek.
And your point about getting to the bare facts is very
important. And one of the things through the legislation that
the House and Senate adopted with the department is the audit
internal control is to try to get to that bedrock of the
information capturing and then build from there forward. That,
actually, I plan to get into a little bit in questions in the
next round for myself.
And your counsel that we really take what we learned and
put it to action here is something that if I have the number
right, I think GAO has done about 40 different reports in this
general area, and the importance of the department, both our
CFO and CIO to really lean on GAO for the knowledge they have
as you move forward and to stay on the right track.
The wealth of knowledge is there to be embraced and acted
upon and to see GAO as a friendly partner, you know, to work
hand in hand with you as you go forward.
Ms. Jackson Lee.
Ms. Jackson Lee. Thank you, Mr. Chairman.
Following the line of questioning that has persisted all
afternoon, I want to try to get to another component. Mr.
Charbo, if you would? We know when we are talking about best
practices and information technology, it calls for another
component, which is the human capital.
And I think some of my colleagues have mentioned some of
our concern and maybe even disappointment at the seeming
revolving door. Unfortunately, it is a very large department,
and we are recognizing that more and more.
When it first started, the Homeland Security Department was
180,000 that we thought we were putting together. In the course
of that, of course, in the merger, we are sure you lose people.
But it seems that we have had a tough time.
I want to know does the department now have sufficient
information technology, human capital, the right skills to
effectively carry out its mission now and in the future? If you
answer yes, how do you know that DHS and the components have
this capability? What is the analysis that has been performed
to determine the capability? And if you don't feel we are
there, can you explain the reasons why not and whether there is
a plan to do so?
And I also want Mr. Hite to comment on the human capital
question. Mr. Schied, I would be interested in your overall
view as to this fact that DHS did not receive a clean financial
opinion in 2005. And we may have gone again over this, but how
are we prospectively going to achieve that clean opinion as we
look toward the future? And how do we give comfort to Americans
that we are actually utilizing their tax dollars efficiently?
Mr. Charbo.
Mr. Charbo. I think one of the--addressing the IT human
capital. We have a heavy contractor utilization in the
department. So a lot of the gaps that we have done some
analysis for, and we have prepared a plan. Even our conference
report and the appropriation required us to produce a document
this year that identified it, and that goes hand in hand with
what the OMB requirement is, is to do the IT human capital gap
analysis as well.
So we have done that. We are identifying solutions or ways
that we can mitigate those plans. Primarily, that is for a lot
of the higher grade project/program management level positions.
Some of the unique security or network administration positions
that we have. Those are some of the areas that have been
identified as gaps. But the tendency is to fill those with
contract support in order to continue the systems operating and
the mission moving forward.
So we have done the initial analysis, and we are beginning
to fill the gaps and publish that report.
Ms. Jackson Lee. But are you telling me that you are using
mostly contractors as part of the human capital?
Mr. Charbo. At the department. At the department, a lot of
the IT positions, which typically aren't identified as
inherently Government, are filled with contract support.
Now you need Government employees to supervise those
contract employees. So, as we do the gap analysis for that, we
have identified that solid program managers, solid IT project
managers are areas that we need to fill in more robust.
We look for lots of authorities in that area. Certain
components have some direct-hire authorities. Others do not. So
we are trying to sort of level that playing field. That is one
of the gaps identified. That is one of the things that we would
ask for some support in getting.
Ms. Jackson Lee. You don't think that undermines
institutional knowledge?
Mr. Charbo. Using contractors?
Ms. Jackson Lee. Yes.
Mr. Charbo. No. I think that is the gap analysis that we
have identified at the upper levels, the managing positions for
IT, that is where we look for that institutional knowledge.
There are a lot of IT positions that are administration or
pulling cable, development. I mean, most of that is done on a
contract basis.
Ms. Jackson Lee. Thank you.
Mr. Hite.
Mr. Hite. Certainly. I will speak to strategic management
of IT human capital at both the program level, the component
level, and the department level because you want to do it at
all levels. And basically, what we are talking about is
understanding what is the suite of functions that we need to
perform to execute this program or to execute a component's IT
mission?
What are the core competencies associated with those? Who
do we have onboard now? How do they match up against those core
competencies? Do we have an inventory of those skill sets? What
are we going to need strategically going forward on a
continuous basis? Where is that gap? And then what are our
strategies for filling that gap?
And contracting for services is part of strategy, but also
certainly through hiring and retention and training are other
strategies as well. Our work has shown at the program level,
some of these large programs that we have looked at--for
example, the ACE program--that kind of strategic approach to
human capital management isn't going on. They recognize it.
They intend--they have represented to us that they are going to
work on that.
At the component level, CBP, for example, which is the
component that ACE resides within, that hasn't happened. They
recognize it, and they have represented that they are going to
work on that.
At the department level, I look forward to seeing the IT
human capital strategic plan that the--Mr. Charbo referenced.
We are, by law, required to look at that once it is produced. I
have not seen one to date. I am not aware of one.
Ms. Jackson Lee. Thank you.
Mr. Schied. In terms of improving on financial management
and being able to provide some assurance, some positive
assurance about the controls that we have in place, I guess I
would point to a couple of initiatives that we have underway
this year different from what we did last year.
As you know in 2004, we had 10 material weaknesses and a
disclaimer of opinion. And in 2005, we had 10 material
weaknesses and a disclaimer of opinion. Obviously, something
didn't work last year in terms of making the improvements that
were expected. I think some improvements were made, but I was
frustrated at the rate at which improvements have been made.
So what is different this year? I think several things.
First, the way we get out of the hole is through corrective
action plans. And in all of the audit--the 10 material
weaknesses break down to many reportable conditions, actually
probably hundreds of specific findings that the auditors see
when they come in and assess our financial statements.
We have been kind of down at too low a level in trying to
fix some of those problems. That is, you have to recognize that
they all tie back up, and they all report back to--somehow
relate back to the 10 material weaknesses. I think we are
taking a more holistic approach at how to fix those.
We are getting--and a couple of weeks ago, I wrote the
inspector general to engage on the internal controls audit and
identified the frustration I have and asked for their more
active involvement this year at monitoring our corrective
action plan process. We have changed the process itself.
There is a management directive forthcoming that will
identify a corrective action accountability official so that we
have some clear lines of who is responsible for fixing which
material weaknesses. While it may involve many different
players, there is ultimately someone that has to be held
accountable to fix each of the weaknesses.
We are improving our ability to track the weaknesses so
that, again, similar to what we had with the eMerge2 project,
to know when are we off track, is there something we need to do
about it? We will have a much more open system and a system
that I believe the IG and the auditors will also look at to be
able to track whether or not we are making the progress.
What I found last year is you can go through, and you can
execute the plans, and you can really get nowhere. And we want
to certainly avoid that from coming about again this year.
I think we are in a pretty good position to resolve a
number of the material weaknesses this year. If we don't fully
remediate them, I would expect that work can be done. It is
really about probably an 18-month process to successfully
eliminate I think all the weaknesses. We have a good chance of
eliminating all the weaknesses. It is a lot of work, and we are
committed.
And the last thing I would point out, I guess, too, is most
of the weaknesses are identified in two organizations--ICE and
the Coast Guard. And in the past year, they have had a renewed
commitment. I mean, there's a CFO at ICE that wasn't there
before, a new assistant secretary. They have, you know, what
used to be a plan that was about yea thick. It is now about yea
thick. I mean they have put a lot more thought and effort into
it.
I think they have increased their staffing. Likewise,
within the CFO's office, we have increased staffing
particularly for the internal controls group that is going to
be responsible for overseeing our corrective action plans. I
think all of those things are going to make a difference.
The Coast Guard is certainly stepping up to the challenge.
They have a number of weaknesses that they need to fix. I got
an e-mail a couple of weeks ago from Admiral Allen, forwarding
me information just sort of out of the blue, showing how they
are fixing some of their weaknesses. I mean, it is that tone at
the top that really makes a difference as well.
And last week, or actually it was a couple of weeks ago
now, Admiral Allen, the Assistant Secretary for ICE, myself,
the inspector general met with the Deputy Secretary to talk
about progress. Those are all changes that have happened over
the past several months and I think increase the likelihood
that we will actually make progress and demonstrable progress.
Ms. Jackson Lee. Wow. Thank you.
The only question is, is that chart in the record that you
keep holding up? Is that something that we can----
Mr. Platts. I don't think it was in your written testimony.
Mr. Schied. I can provide it.
Ms. Jackson Lee. I would appreciate it.
Mr. Platts. Without objection, we will have it entered into
the record.
Ms. Jackson Lee. I thank you, Mr. Chairman.
Thank you very much, both, for the hearing.
Mr. Platts. Thank you, Ms. Jackson Lee.
Want to come back to the issue of the shared services and
the center of excellence approach and first get an
understanding that what you are envisioning with the new
eMerge2 approach is basically in line with what OMB talks about
with their centers of excellence, you know, line of business
for financial management.
And is that a correct understanding that it is one and the
same?
Mr. Schied. It is in alignment with, but I guess I would--I
don't know that I could tell you it is necessarily one and the
same. That is, basically, OMB says that their policy is that
you will migrate to one of their particular centers of
excellence, or you will yourself become a centers of excellence
provider beyond your own agency.
And OMB allows for certain exceptions to that, and I think
we are one of the exceptions, and we are working closely with
OMB on this. That is, we want to sort of apply a similar
concept within DHS. I am not, at this point, interested in
going out and selling my services to other Federal agencies.
Mr. Platts. Now make sure, because we worked through this
with OMB, and my staff will correct me if I get this wrong from
our hearing with OMB, that it is exceptions, but not with the
actual systems, the financial systems. There is a mandatory.
You are either a center of excellence or you migrate to one. I
think in that aspect, I thought it was mandatory that you have
to do one or the other?
Mr. Schied. I guess I understand it a little bit
differently. I mean, certainly, we are not--I am not precluding
at this point that some or I guess potentially even all of our
systems will be met through OMB centers of excellence. I guess
we are taking a somewhat broader approach within DHS in that
not only do I want to migrate and consolidate systems, I am
also interested in doing the same with the services because I
think----
Mr. Platts. And ideally, I think that is----
Mr. Schied [continuing]. Hopefully that is where you will
get the bang for the buck in terms of efficiencies, a smaller
control environment, fewer systems, fewer processes in place.
Mr. Platts. Are you working with OMB in assessing Customs
and Border Patrol and Coast Guard, Federal Law Enforcement
Training Center? Are you working with OMB in how you are
assessing your own agencies as centers of excellence?
Mr. Schied. We report to--at this point, we have weekly
meetings with them, and they are monitoring our development of
the plan. And they will have to approve whatever plan we have
going forward.
Mr. Platts. Are there specific agencies? I mean, the ones I
am aware of seem to be Secret Service, Coast Guard, Federal Law
Enforcement Training Center, and Customs and Border Protection.
Are those the ones you are focusing on for your centers of
excellence?
Mr. Schied. Yes. I guess I had also just sort of--since it
has been used several times. I don't really so much see it as
centers of excellence, and this may be kind of splitting hairs
a little bit. Centers of excellence could connote--if I had,
say, multiple ones, say, CBP and Coast Guard--that they would
be in some way sort of forever independent of each other.
I think however we consolidate our efforts, we want to be
able to also have a relationship between our centers of
excellence, so it doesn't make them sound like they are islands
unto themselves. I want to have a plan going forward. I think
sort of a long-term vision is that we would also look for
opportunities to have business arrangements even between the
centers of excellence, say, one perhaps focused on one
particular aspect of financial management, one on perhaps a
different element.
And in terms of centers of excellence concept, those are--
the ones you mentioned are the organizations we are
interested--I mean, that we have been looking at so far. They
are the ones that have the newer, relatively newer investments
in systems.
Or there were a couple of considerations that we looked at.
How new is their system? How integrated is the system, that is,
procurement, financial management, asset management?
I think, long term, you want to drive, do as much
integration of those systems as possible to eliminate, say,
duplicate entry of financial information in the procurement
system and then in the finance system, which is the case today
in various places within DHS.
Also their overall financial performance. FLETC, for
example, CBP--FLETC hasn't had a stand-alone audit. We are
having them go through that, I believe, this year for 2006. CBP
has had a balance sheet audit this last year. They passed it.
Next year, actually this current year, there will be a full
scope audit.
So we want to take into account financial performance. I
mean, I think a financial service provider ought to be able to
obtain certain standards of, say, excellence in order to be a
financial service provider.
Mr. Platts. I want to followup on that a little bit. Before
I do, though, I wanted to check if either--did you want to make
a statement before I continue on? Ms. Jackson Lee, before I
continue on with some other questions, did you have other
questions or comments?
Ms. Jackson Lee. No. Simply to thank you, Mr. Chairman, and
yield back to you for your questions and look forward to the
answers of the questions that we have raised in this hearing.
Thank you very much.
Mr. Platts. Thank you.
My, I guess, question or more a caution, I guess, is just
to be working very closely with OMB on what they clearly want
is mandatory versus what is discretionary and be able to be
just done in-house regarding their Financial Management Line of
Business approach.
And in our hearing with the OMB last week, we got a little
more delineation. But I think they still have a lot of
questions they are trying to answer. So before you get too far
down the path with your own entities, that you are certain are
going to be line with what they actually are going to demand
from you in the end.
Mr. Schied. Certainly before we begin to execute on our
plan, they will approve the plan.
Mr. Platts. Let me switch to just one question on the
internal controls audit and kind of where you stand with your
contractor and kind of an update on the issue.
Mr. Schied. OK. On internal controls, I mean, we have
really, I think, over the past year have expanded our thinking
quite a bit to not see internal controls and the financial
audit and the material weaknesses and the corrective action
plans and the audited financial statements as being separate
things. They are one and the same thing.
That is the weaknesses that the auditors find in the annual
financial statement, they are material weaknesses. And they are
material weaknesses that are known to us and that we are
attacking. And so, as we go and go about assessing our internal
controls, they are not separate processes. It is one and the
same.
And the way we are going about it this year is by
identifying a couple of the pervasive weaknesses that I think
will have ultimate ripple effects down to helping fix some of
the other weaknesses cited by the auditors. That is financial
reporting, financial management oversight, and fund balance
with Treasury. Those are key weaknesses in the audit. They are
a part of what our internal controls team is working on fixing,
going through assessing what processes we have in place.
By taking the internal controls sort of angle to our
material weaknesses, it really gets us to looking at the
systemic and root causes of the weaknesses we have in place.
That is, we are not just trying to say put a band-aid on a
particular weakness. We are looking at how the whole process
works. You have to understand what process you have working in
place to really get down to the root cause of the problems that
you have and how you go about--how you are going to go about
fixing it.
I think in terms of the particular audit provision and how
we are relating with the IG and the auditor, the IG, the
auditor, GAO, I think also with you and your staff, have been
kicking about what the actual audit would consist of for 2006.
My understanding with the discussions with the IG at this point
is that there is going to be some additional work that, in this
case, KPMG will do in addition to just the financial statement
audit.
They will be looking at our internal controls and how we
are managing them through the corrective action plan process
that is I think the intention will be for KPMG to work with the
IG to assess whether or not the changes that we are putting in
place with the corrective action plan are effective. And then
they are going to essentially periodically audit us on our
performance against the corrective action plan as well as the
financial statement.
I think that, plus the ultimate statement of assurance that
the Secretary provides at the end of the year, will perhaps
form a basis for the IG then to provide some kind of opinion or
express an opinion on the internal controls within DHS similar
to what GAO does on behalf of basically the entire Federal
Government.
Mr. Platts. With the focus on your internal controls in
that audit and an opinion being expressed, in-house--asked
earlier, if I remember, by my colleagues--on the human capital
side, do you believe you are in good shape with your own staff
to be able to work with your contractor on the audit?
Mr. Schied. It is certainly a growing staff. We have
added--for 2006, Congress appropriated several new positions
specifically to work--and that was actually the core that
allowed us to reorganize within the financial management office
to form a core team that will focus on internal controls and
the corrective actions.
I think that we have brought the staffing in just the
finance office up to about 21 this year. I believe in the 2007
request, there is probably eight more positions that would go
toward the finance office as a whole and further bolster our
efforts. So I don't think the staffing level is where it needs
to be. The budget requests more.
I would also say that we have put within the budget for
2007 requests throughout DHS that the CFO's office was able to
put. So, for example, you will see going through the budgets $1
million requested in CBP, in FEMA, in ICE, in TSA; $2 million
in the Coast Guard.
It is a total of $16 million, actually almost $17 million
that the department is looking for in 2007 specifically related
to those internal controls and remediating the material
weaknesses.
So we have a good start this year. Congress provided
additional positions and about $4 million. That, plus the
additional $12 that we are looking for in 2007, will be able to
expand the effort.
Mr. Platts. And the importance of that effort, of getting
to the root causes, as you said, is long term going to make a
huge difference, I think, as you go forward. So we want that
effort to succeed.
I have three what I think will be very quick answers for
the panel that will wrap things up here. First is just with Mr.
Williams and Mr. Hite, in hearing testimony here today and your
efforts day in and day out working with the department and
taking this new approach, one of the questions earlier to Mr.
Schied was the question of timeframe.
Are you able to give your best guestimate on if we move
forward as planned and are successful, when do you think we see
the financial house in order at DHS?
Mr. Williams. It is difficult to say at this particular
point in time. When you look at an organization like the
Department of Homeland Security that had 10 material
weaknesses, 2 reportable conditions, 7 noncompliance with laws
and regulations, you are looking at a huge organization that is
very diverse.
One of the things that I was glad to hear today is that
there is a focus on the internal control issues because we, at
GAO, have basically taken the position that achieving overall
accountability is not just getting a clean opinion on your
financial statements. We have known of situations where
agencies have gotten a clean opinion on their financial
statements on September 30th, and the books were out of balance
on October 1st.
The overall objective of the Chief Financial Officers Act
was to have systems, policies, and procedures in place that
would produce accurate, timely, and reliable information that
could be used on a day-to-day basis.
And I think when you get to the root causes, and that is
addressing these internal control weaknesses--these reportable
conditions, these other issues that would require new policies
and procedures--in addition to just putting a new financial
management in place, then you are getting to what the original
intent of the Chief Financial Officers Act is.
And a focus on the internal control environment, which is,
as I said, what I heard today, I think is a step in the right
direction for achieving overall financial accountability.
Mr. Platts. And that reason for this committee and our
efforts in pushing the importance of DHS being under the CFO
Act and then fulfilling the goals of that act.
Mr. Williams. That is correct. Because while the current
administration was committed to the intent of the act, the
overall philosophy behind the passage of the act back in 1990
was you want a structure in place that not only is for today,
but for 15, 20 years from today. That you are still getting
that good accountability that we strive for.
Mr. Platts. OK. Thank you, Mr. Williams.
I think we are going to wrap up there, and if we do have
any followups, we will do in writing. And any items that you
are going to submit, we will be keeping the record open for the
2 weeks.
Appreciate all five of your testimonies and also your
efforts day in and day out at GAO and at the department, and
the work you are doing at the department certainly is about the
safety and security ultimately of our citizens throughout the
country.
So, Chairman Rogers, did you have a closing comment? We
certainly have been very pleased to partner with your
subcommittee and look forward to continued cooperation and work
with the department and GAO.
This hearing stands adjourned.
[Whereupon, at 4:57 p.m., the subcommittee was adjourned.]
[The prepared statements of Hon. Edolphus Towns and Hon.
Bennie G. Thompson, and additional information submitted for
the hearing record follow:]
[GRAPHIC] [TIFF OMITTED] T9709.069
[GRAPHIC] [TIFF OMITTED] T9709.070
[GRAPHIC] [TIFF OMITTED] T9709.071
[GRAPHIC] [TIFF OMITTED] T9709.072
[GRAPHIC] [TIFF OMITTED] T9709.073
[GRAPHIC] [TIFF OMITTED] T9709.074
[GRAPHIC] [TIFF OMITTED] T9709.075
[GRAPHIC] [TIFF OMITTED] T9709.076
[GRAPHIC] [TIFF OMITTED] T9709.077
[GRAPHIC] [TIFF OMITTED] T9709.078
[GRAPHIC] [TIFF OMITTED] T9709.079
[GRAPHIC] [TIFF OMITTED] T9709.080
[GRAPHIC] [TIFF OMITTED] T9709.081
[GRAPHIC] [TIFF OMITTED] T9709.082
[GRAPHIC] [TIFF OMITTED] T9709.083
[GRAPHIC] [TIFF OMITTED] T9709.084
[GRAPHIC] [TIFF OMITTED] T9709.085
[GRAPHIC] [TIFF OMITTED] T9709.086
�