[House Hearing, 110 Congress]
[From the U.S. Government Publishing Office]


 
AN OVERVIEW OF ISSUES AND CHALLENGES FACING THE DEPARTMENT OF HOMELAND 
                                SECURITY 

=======================================================================

                              FULL HEARING

                                 of the

                     COMMITTEE ON HOMELAND SECURITY
                        HOUSE OF REPRESENTATIVES

                       ONE HUNDRED TENTH CONGRESS

                             FIRST SESSION

                               __________

                            FEBRUARY 7, 2007

                               __________

                            Serial No. 110-2

                               __________

       Printed for the use of the Committee on Homeland Security
                                     
                 [GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

                                     

  Available via the World Wide Web: http://www.gpoaccess.gov/congress/
                               index.html

                               __________

                         U.S. GOVERNMENT PRINTING OFFICE 

35-261 PDF                       WASHINGTON : 2009 

For sale by the Superintendent of Documents, U.S. Government Printing 
Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; 
DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC, 
Washington, DC 20402-0001 














                     COMMITTEE ON HOMELAND SECURITY

               BENNIE G. THOMPSON, Mississippi, Chairman

LORETTA SANCHEZ, California,         PETER T. KING, New York
EDWARD J. MARKEY, Massachusetts      LAMAR SMITH, Texas
NORMAN D. DICKS, Washington          CHRISTOPHER SHAYS, Connecticut
JANE HARMAN, California              MARK E. SOUDER, Indiana
PETER A. DeFAZIO, Oregon             TOM DAVIS, Virginia
NITA M. LOWEY, New York              DANIEL E. LUNGREN, California
ELEANOR HOLMES NORTON, District of   MIKE ROGERS, Alabama
Columbia                             BOBBY JINDAL, Louisiana
ZOE LOFGREN, California              DAVID G. REICHERT, Washington
SHEILA JACKSON LEE, Texas            MICHAEL T. McCAUL, Texas
DONNA M. CHRISTENSEN, U.S. Virgin    CHARLES W. DENT, Pennsylvania
Islands                              GINNY BROWN-WAITE, Florida
BOB ETHERIDGE, North Carolina        MARSHA BLACKBURN, Tennessee
JAMES R. LANGEVIN, Rhode Island      GUS M. BILIRAKIS, Florida
HENRY CUELLAR, Texas                 DAVID DAVIS, Tennessee
CHRISTOPHER P. CARNEY, Pennsylvania
YVETTE D. CLARKE, New York
AL GREEN, Texas
ED PERLMUTTER, Colorado
VACANCY

       Jessica Herrera-Flanigan, Staff Director & General Counsel

                        Todd Gee, Chief Counsel

                     Michael Twinchek, Chief Clerk

                Robert O'Connor, Minority Staff Director

                                  (II)


























                            C O N T E N T S

                              ----------                              
                                                                   Page

                               STATEMENTS

The Honorable Bennie G. Thompson, a Representative in Congress 
  From the State of Mississippi, and Chairman, Committee on 
  Homeland Security:
  Oral Statement.................................................     1
  Prepared Statenment............................................     2
The Honorable Peter T. King, a Representative in Congress From 
  the State of New York, and Ranking Member, Committee on 
  Homeland Security..............................................     3
The Honorable Marsha Blackburn, a Representative in Congress From 
  the State of Tennessee.........................................    34
The Honorable Christopher P. Carney, a Representative in Congress 
  From the State of Pennsylvania.................................    43
The Honorable Donna Christensen, a Delegate in Congress From the 
  U.S. Virgin Islands............................................    36
The Honorable Charlie Dent, a Representative in Congress From the 
  State of Pennsylvania..........................................    42
The Honorable Norman D. Dicks, a Representative in Congress From 
  the State of Washington........................................    32
The Honorable Bob Etheridge, a Representative in Congress From 
  the State of North Carolian....................................    28
The Honorable Al Green, a Representative in Congress From the 
  State of Texas.................................................    45
The Honorable Jane Harman, a Representative in Congress From the 
  State of California............................................    24
The Honorable James R. Langevin, a Representative in Congress The 
  State of Rhode Island..........................................    36
The Honorable Sheila Jackson Lee, a Representative in Congress 
  From the State of Texas:
  Oral Statement.................................................    46
  Prepared Statement.............................................    47
The Honorable Zoe Lofgren, a Representative in Congress From the 
  State of California............................................    40
The Honorable Daniel E. Lungren, a Representative in Congress 
  From the State of California...................................    38
The Honorable Michael T. McCaul, a Representative in Congress 
  From the State of Texas........................................    26
The Honorable Mike Rogers, a Representative in Congress From the 
  State of Alabama...............................................    22
The Honorable Loretta Sanchez, a Representative in Congress From 
  the State of California........................................    21
The Honorable Mark E. Souder, a Representative in Congress From 
  the State of Indiana...........................................    30

                               Witnesses

The Honorable Richard L. Skinner, Inspector General, Department 
  of Homeland Security:
  Oral Statement.................................................     6
  Prepared Statement.............................................     8
The Honorable David M. Walker, Comptroller General of the U.S. 
  Government Accountability Office...............................     4
Accompanied by:
  Mr. Norman Rabkin, Managing Director, Homleand Security and 
    Justice, Government Accountability Office....................    42

                                Appendix

Response to Supplemental Questions from the Committee on Homeland 
  Security:
  The Honorable Richard L. Skinner Responses.....................    55
  The Honorable David M. Walker with Mr. Norman Rabkin Responses.    67


AN OVERVIEW OF ISSUES AND CHALLENGES FACING THE DEPARTMENT OF HOMELAND 
                                SECURITY

                              ----------                              


                      Wednesday, February 7, 2007

                     U.S. House of Representatives,
                            Committee on Homeland Security,
                                                    Washington, DC.
    The committee met, pursuant to call, at 1:05 p.m., in Room 
311, Cannon House Office Building, Hon. Bennie Thompson 
[chairman of the committee] presiding.
    Present: Representatives Thompson, Sanchez, Dicks, Harman, 
Lofgren, Jackson Lee, Christensen, Etheridge, Langevin, 
Cuellar, Carney, Clarke, Green, Perlmutter, King, Lungren, 
Rogers, McCaul, Brown-Waite, Blackburn, Bilirakis, and Davis of 
Tennessee.
    Chairman Thompson. [Presiding.] The Committee on Homeland 
Security will come to order.
    The committee is meeting today to receive testimony on an 
overview of issues and challenges facing the Department of 
Homeland Security.
    Today we will hear testimony from two distinguished 
witnesses. Combined, they have written hundreds of reports 
detailing the problems and challenges facing the Department of 
Homeland Security.
    From the outset, it was clear that the transformation of 22 
agencies into one unfulfilled department would be a major 
challenge. But we expected that by the fourth year of this 
endeavor the department would be well on its path to stability. 
Regrettably, instead, DHS seems to be wandering aimlessly 
toward an uncertain destination.
    Is it because of DHS's importance to our nation's security 
that we must now allow basic problems or organizational 
structure and administrative weaknesses to continue to hamper 
its ability to accomplish its mission? Unfortunately, that is 
what appears to be happening.
    In Hurricane Katrina we saw firsthand that the failure to 
get routine management, procurement and financial assistance 
under control can and does hinder and sometimes even halts the 
ability of this agency to get the job done. The kind of 
dysfunction that occurred in response to Hurricane Katrina 
cannot become standard practice for this department.
    It will take an aggressive oversight to get DHS on track. 
Our combined efforts--Congress's, the GAO's and the inspector 
general's--are vital if the department is to become the kind of 
agency the American people deserve.
    And that is the purpose of today's hearing, to have a frank 
discussion about the areas this committee needs to focus on 
during the 110th Congress.
    Let me just say I am troubled that the department is on 
GAO's 2007 high-risk list, but I have to admit that it comes as 
no surprise. The department was on the last high-risk list 
published in 2005.
    However, I am surprised to learn that the department has 
not even taken the first step to get off the list. They have 
not provided GAO with a complete corrective action plan.
    On Friday, Mr. Chertoff will be here. I intend to ask him 
when corrective action plans will be provided to GAO. I know 
that writing these plans may be hard, but every journey must 
start with a single step.
    I am concerned that the IG has repeatedly found problems 
with the department's financial management. This department has 
never produced a clean financial statement. The American 
taxpayers expect a federal agency to be able to report how it 
is spending our money. I think we in Congress share that 
expectation.
    I look forward to hearing the testimony of our witnesses 
today.
    The chair now recognizes the ranking member of the full 
committee, the gentleman from New York, Mr. King, for an 
opening statement.

   Prepared Statement of the Honorable Bennie G. Thompson, Chairman, 
                     Committee on Homeland Security

    Today we will hear testimony from two distinguished witnesses. 
Combined, they have written hundreds of reports detailing the problems 
and challenges facing the Department of Homeland Security.
    From the outset, it was clear that the transformation of 22 
agencies into one unified Department would be a major challenge. But we 
expected that by the fourth year of this endeavor, the Department would 
be well on the path to stability. Regrettably, instead DHS seems to be 
wandering aimlessly toward an uncertain destination.
    It is because of DHS importance to our nation's security that we 
must not allow basic problems of organizational structure and 
administrative weakness to continue to hamper its ability to accomplish 
its mission.
    Unfortunately, that is what appears to be happening.
    In Hurricane Katrina, we saw first-hand that the failure to get 
routine management, procurement, and financial systems under control 
can does hinder and sometimes even halts the ability of this agency to 
get the job done. The kind of dysfunction that occurred in response to 
Hurricane Katrina cannot become standard practice for this Department.
    It will take aggressive oversight to get DHS on track. Our combined 
efforts--Congress, GAO and the Inspector General--are vital if the 
Department is to become the kind of agency the American people deserve.
    And that is the purpose of today's hearing--to have a frank 
discussion about the areas this Committee needs to focus on during the 
110th Congress. Let me just say, I am troubled that the Department is 
on GAO's 2007 high risk list. But I have to admit that it comes as no 
surprise. The Department was on the last HIGH RISK list, published in 
2005. However, I am surprised to learn that the Department has not even 
taken the first step to get off the list. They have not provided GAO 
with a complete corrective action plan. On Friday, Mr. Chertoff will be 
here. I intend to ask him when corrective action plans will be provided 
to GAO. I know that writing these plans may be hard, but every journey 
must start with a single step.
    I am also concerned that the IG has repeatedly found problems with 
the Department's financial management. This Department has never 
produced a clean financial statement. The American taxpayers expect a 
federal agency to be able to report how it is spending our money. I 
think we in Congress share that expectation.

    Mr. King. Yes, I thank Chairman Thompson for recognizing 
me.
    And let me at this first full committee hearing commend him 
and congratulate him on his accession as chairman of the full 
committee and, as I have done before, pledge him my full 
cooperation and thank him for the extraordinary cooperation 
that has gone on, not just between ourselves and among the 
members but also between our staffs.
    And I think both of us approach this as being a 
nonpartisan, bipartisan effort. And while there may be specific 
policy differences as we go forward, I assure him that we will 
operate in good faith. And I know that he has certainly 
demonstrated that good faith to me.
    As far as the hearing today, I think this is a very vital 
hearing. It is a very important hearing, realizing that now 
this is the fourth year of the department and, obviously, I 
believe more progress should have been made.
    At the same time, I believe there has been considerable 
progress. I don't think it is any accident that we have not 
been attacked in 4 years.
    The chairman mentioned Katrina, which obviously was a 
disaster at many levels: at the local level, at the state 
level, and indeed, at the federal level, where while the Coast 
Guard performed admirably and the military performed admirably; 
FEMA did not. And I am proud that last year, in a genuine 
bipartisan effort, we were able to restructure and reform FEMA. 
And thus far, the results are very positive.
    Just last week's tornado in Florida by all accounts--I was 
speaking to members of Congress who were involved and some 
state officials. It appears that FEMA moved quickly, moved 
effectively and that Director Paulson is doing a fine job. But 
again, the full verdict is not in, and more remains to be done. 
And it is certainly a work in progress.
    As far as oversight of the department, obviously that has 
to be done. I believe in the last session at that time Chairman 
Rogers held a number of hearings which were very significant 
and did expose severe shortcomings within the Department of 
Homeland Security. So we can either look at the glass as being 
half full or half empty.
    But the bottom line is both the chairman and I strongly 
believe that we have to go forward, we have to have aggressive 
oversight. We have to have aggressive investigations. I look 
forward to the testimony of the witnesses. Both of you have a 
particularly vital role to play. And I can assure you that your 
recommendations, your findings will be taken very seriously on 
our side of the aisle. And I know they will on the majority's 
side.
    So with that, I will yield back the balance of my time and 
look forward to the statements of the witnesses.
    Chairman Thompson. Thank you very much.
    I, too, want to echo what the ranking member said about the 
cooperative relationship between Democrats and Republicans on 
this committee. It has been good.
    We all hold our responsibility very seriously. And we look 
forward to continuing that relationship with the change. And I 
think you will readily be able to see that as time goes on.
    Other members of the committee are reminded that, under 
committee rules, opening statements may be submitted for the 
record.
    I now welcome our panel of witnesses.
    Our first witness, Mr. David Walker, began his 15-year term 
as the comptroller general of the United States in 1998. As 
comptroller general, Mr. Walker is the nation's chief 
accountability officer and head of the U.S. Government 
Accountability Office.
    Our second witness, Mr. Richard Skinner, was confirmed as 
the Department of Homeland Security's inspector general in 
2005. Prior to his appointment, Mr. Skinner served as deputy 
inspector general of the department since March of 2003. Truly, 
he has been with the department since its inception and knows 
it better than just about anyone in government.
    Without objection, the witnesses' full statements will be 
inserted into the record.
    I now ask each witness to summarize his statement for 5 
minutes, beginning with Mr. Walker.

 STATEMENT OF HON. DAVID M. WALKER, COMPTROLLER GENERAL OF THE 
        UNITED STATES, GOVERNMENT ACCOUNTABILITY OFFICE

    Mr. Walker. Chairman Thompson, Ranking Member King, other 
members of the committee, I appreciate the opportunity to be 
before you to address the management and programmatic 
challenges relating to the Department of Homeland Security.
    As all of you know, I have spoken extensively about our 
nation's fiscal challenges and the need for fiscal prudence and 
stewardship. However, irrespective of our fiscal situation, it 
is very important for all departments and agencies, including 
the Department of Homeland Security, to operate as efficiently 
and effectively as possible in carrying out their mission.
    We first designated at GAO the DHS's implementation and 
transformation effort as a high-risk area in January of 2003.
    As members of this committee are very familiar with, DHS 
represented the second largest reorganization in the history of 
the United States government, the first being the creation of 
the Department of Defense in 1947. This is the 60th anniversary 
of the Department of Defense, and we need to be in a lot better 
shape in Homeland Security after 60 years than DOD is on the 
management side. And let's hope we can.
    The government pulled together 22 different agencies with 
different cultures, with different systems, with different 
traditions, with their own problems, and, quite frankly, many, 
if not most, of these agencies were not primarily focused on 
homeland security before September 11, 2001. So that is a major 
transformation challenge.
    We continued to have this on our high-risk list in 2005 and 
2007, which was issued last week, for a variety of reasons. And 
I will summarize a few.
    Although DHS has issued guidance and plans to assist 
management in the overall integration and transformation 
effort, it lacks a comprehensive and integrated strategy with 
specific overall goals, timelines and an accountability 
mechanism as well as a team that is dedicated full-time to 
support its overall transformation integration efforts.
    DHS has a strategic plan. However, DHS and its components 
must improve its planning by linking resources, which are 
limited, to its goals and by promoting greater stakeholder 
involvement to ensure that its resources are targeted toward 
the highest priorities.
    In this regard, DHS also needs to improve its risk 
assessment process because, by definition, there is no such 
thing as zero risk in today's world, and therefore, choices 
have to be made about how to allocate limited resources to 
mitigate the most risks. DHS is committed to a more risk-based 
approach, but more progress needs to be made.
    DHS has been unable to withstand an audit. It has 10 major 
internal control weaknesses. And it also has a number of other 
compliance challenges.
    So these are a few of the challenges, not to mention human 
capital and acquisition, which obviously are challenges as 
well.
    From a program standpoint, strengthening cargo and 
passenger screening, visitor tracking and efforts to combat 
illegal employment of non-citizens and non-legal residents is a 
major challenge.
    The Coast Guard's asset upgrading is a challenge on the 
acquisition side. Balancing homeland security and personal 
privacy is also a continuing challenge. Improving our disaster 
preparedness and response efforts continues to be a major 
challenge in light of Katrina, although progress has been made.
    In summary, let me note that some progress clearly has been 
made. But major challenges remain. It is going to take a number 
of years for us to get to where we need to be with regard to 
the Department of Homeland Security. Even in the private 
sector, it takes 5 to 7 years, minimum, to engage in a major 
transformation effort and able to have it stick beyond the 
current leadership. It is going to take longer than that at 
DHS.
    All the more important to have a strategic integrated plan 
with key metrics and milestones and appropriate accountability 
mechanisms. It may also be important for DHS to have a chief 
management official, which it has one now, but might need to be 
restructured in order to help ensure success going forward.
    Last, let me close by saying that both Rick and I yesterday 
testified before the Appropriations Homeland Security 
Subcommittee on a similar topic. And one of the issues that we 
both noted was that both of us have a number of frustrations 
with regard to failure to get timely access to documents and 
individuals at the Department of Homeland Security. This is a 
serious systemic issue.
    I was, however, disappointed by some of our friends in the 
fourth estate, namely the press, because neither Rick nor I 
mentioned any particular person by name. Nor did we mention the 
relationship of any particular persons at DHS with other high 
ranking officials in this administration. This is a serious 
systemic problem. No one person is to blame.
    But this current situation needs to change. It takes us way 
too long to get information. And there are way too many lawyers 
involved, which frustrates our access. And if our access is 
frustrated, it means we can't do the job necessary to support 
the Congress in discharging its constitutional 
responsibilities.
    Thank you.
    [The statement of Mr. Walker follows:] \1\
---------------------------------------------------------------------------
    \1\ See GAO, ``HOMELAND SECURITY Management and Programmatic 
Challenges Facing the Department of Homeland Security'', GAO-07-452T, 
Wednesday, February 7, 2007, at www.gao.gov/cgi-bin/gerpt?GAO-07-452T.
---------------------------------------------------------------------------
    Chairman Thompson. Thank you very much, Mr. Walker.
    I now recognize Mr. Skinner to summarize his statement for 
5 minutes.

     STATEMENT OF HON. RICHARD SKINNER, INSPECTOR GENERAL, 
                DEPARTMENT OF HOMELAND SECURITY

    Mr. Skinner. Thank you, Chairman Thompson, Ranking Member 
King and members of the committee. Thank you for having me here 
today.
    Today what I would like to do is just focus on the 
management support activities within FEMA. And that is 
financial management, information technology management, 
acquisition management and grants management.
    Each of these activities transverses everything the 
department does in all of its programs and all of its 
operations. And each of these activities can have a profound 
and direct impact on the ability for the department to carry 
out its mission.
    First, there are two important points I would like to make. 
And Dave hit on one of them. And that is the environment in 
which the department was stood up.
    We have to keep in mind that when the department was stood 
up in March of 2003, we brought together 22 disparate agencies 
with their own cultures and ways of doing business. They also 
brought with them their own management challenges, their own 
material weaknesses and their own problems.
    At the same time when we stood up, I believe the 
department's management support activities were short-changed. 
That is, while we brought in the entire operational assets of 
these agencies and all of their programs on side of the ledger, 
on the other side of the ledger, we did not bring in a 
proportionate share of management support activities to support 
those programs and activities and operations.
    And to compound matters, the Management Directorate was 
asked to support a new component in the office such as Science 
and Technology and the Intelligence Analysis Directorate and 
the Infrastructure Protection Directorate.
    We have to remember that this was more than just a merger 
of 22 agencies. It was also an acquisition. It was a 
divestiture. It was a startup.
    With regards to the financial management, as you know, 
there were 4 years in a row now we were not able to offer an 
opinion on the department's financial statements. In essence, 
for the first 3 years, we just squandered 3 years.
    The first year we went through the artificial exercise of 
trying to prepare consolidated financial statements when, in 
fact, we didn't even know what the components' capabilities 
were or what their systems were capable of producing, let alone 
what the staff resources capabilities were. And we were trying 
to do this with a skeleton staff at headquarters.
    We did the same thing for the second year. The second year 
we went in and started focusing on doing electronic measure or 
electronic merger of information. But again, this was e-merge. 
And again, we still did not have a real clear understanding 
what was going on within the department at the component level.
    The third year we just ran in place. We had leadership 
change. We had reorganization.
    And then in the fourth year, although we issued a 
disclaimer, behind the scenes there was considerable 
improvements. For the first time ever, we started delving in 
and digging down deep down to the root causes of our material 
weaknesses.
    And just recently the department has developed corrective 
action plans. They are going to roll that up into a 
departmental-wide playbook with performance matrix goals and 
objectives.
    We participated, reviewed that, offered recommendations. 
And as it stands right now, we now have a long-term plan, and 
we hope we can offer an unqualified opinion as soon as 2009.
    With regards to the information technology, there too we 
have some major management challenges, both at the component 
level and at the department-wide level.
    The department has made progress. Although slow, it has 
made progress. We brought in over 2,000 systems. We have now 
been able to reduce those down to 200 systems. As of September 
30, 2006, we have credited and certified 85 percent of those 
systems.
    But there is still a lot more that we need to do. We still 
do not have a department-wide platform or IT network. We still 
have to remove stovepipes. This is particularly obvious in our 
intelligence activities. We have intelligence functions 
throughout the department that they can't talk to one another. 
And therefore, we can't connect the dots.
    With regards to acquisition management, obviously this is 
where our greatest exposure to fraud, waste and abuse is. The 
problem really dates back government-wide into the 1990s, our 
shortsighted policies reducing the size of the federal 
workforce.
    On one hand, we were reducing the workforce. Who got hit 
the hardest? Generally the management support activities, 
particularly procurement. On the other side, or on the other 
hand, we were increasing our procurement activities and our 
reliance on contractors. This is most evident within DHS where 
our reliance on contractors is very, very great.
    If you look at our expenditures last year, over 40 percent 
of our budget, $16 billion, was spent on contracts alone. This 
compounded by the fact--I mean, we are in a catch-22 situation 
here. We don't have the capability on one hand, the 
infrastructure, to service all of these contracts. Yet we can't 
slow them down or we can't stop them because of the urgency of 
our mission.
    What we have to do is proceed very cautiously on how we are 
administering these contracts. And we have to find alternative 
ways to ensure that we are getting our dollar's worth.
    The last thing I wanted to touch upon is grants management. 
And again, this is something I think we need to take in more--
and this includes Congress--needs to take a close look of how 
we are delivering grants to our state and local partners.
    If you look at our 2008 budget, for example, of all the 
various grant programs we have, my fear is that we have become 
stovepiped and, as a result, we are not as efficient with our 
dollars as we should be.
    The things that I think need to be considered is how we can 
better involve the states in administering these grants on a 
state-wide basis. And we also have to invest in resources to 
ensure that we can provide oversight for those funds and 
technical assistance to the states.
    And finally, I think it is very important that we have 
mechanisms in place to evaluate how well we are doing, what is 
the impact of those grants, what are we receiving for our 
money. Because a lot of money each year is being spent on our 
grant programs.
    Thank you. That concludes my opening remarks.
    [The statement of Mr. Skinner follows:]

         Prepared Statement of the Honorable Richard L. Skinner

    Good afternoon, Mr. Chairman and Members of the Committee. I am 
Richard L. Skinner, Inspector General for the Department of Homeland 
Security (DHS). Thank you for the opportunity to discuss the major 
management challenges facing DHS.
    Since its inception in 2003, DHS has worked to accomplish the 
largest reorganization of the federal government in more than half a 
century. This task, creating the third largest Cabinet agency with the 
missions of protecting the country against another terrorist attack, 
responding to threats and hazards, ensuring safe and secure borders, 
welcoming lawful immigrants and visitors, and promoting the free flow 
of commerce, has presented many challenges to its managers and 
employees. While DHS has made progress, it still has much to do to 
establish a cohesive, efficient, and effective organization.
    The major management challenges that we identify facing DHS 
represent risk areas that we use in setting our priorities for audits, 
inspections, and evaluations of DHS programs and operations. These 
challenges are included in the department's Performance and 
Accountability Report, which was issued on November 15, 2006. As 
required by the Reports Consolidation Act of 2000, we update our 
assessment of management challenges annually. Our latest major 
management challenges report covers a broad range of issues, including 
both program and administrative challenges. In total, we identified 
nine categories of challenges including Catastrophic Disaster Response 
and Recovery, Acquisition and Contract Management, Grants Management, 
Financial Management, Information Technology Management, Infrastructure 
Protection, Border Security, Transportation Security, and Trade 
Operations and Security. A copy of that report is provided for the 
record. I believe the department recognizes the significance of these 
challenges and understands that addressing them will take a sustained 
and focused effort.
    Today, I would like to highlight four specific management 
challenges facing the department:
         Financial management,
         Information technology management,
         Acquisition management, and
         Grants management.
    These areas are the backbone of the department and provide the 
structure and information to support the accomplishment of DHS' 
mission. Some aspects of these challenges were inherited by the 
department from their legacy agencies. However, the complexity and 
urgency of DHS' mission have exacerbated the challenge in many areas.
    These management challenges significantly affect the department's 
ability to carry out its operational programs and provide the services 
necessary to protect the homeland. The department's senior officials 
are well aware of these issues and are making progress in resolving 
them. Our oversight in these areas is intended to facilitate solutions. 
For example, our audits in the area of acquisition management have 
identified past trends and future risk areas. In November, we issued an 
SBInet Risk Advisory report with recommendations for better managing 
the risks associated with this major procurement. Also, during the past 
year, we issued a series of audits assessing the department's 
corrective action plans related to financial management improvements. 
We will continue our intense oversight of these management areas to 
ensure that solutions and corrective measures are identified and acted 
upon.

FINANCIAL MANAGEMENT
    Financial management has been a major challenge for DHS since its 
creation in 2003. In 2006, DHS was again unable to obtain an opinion on 
its financial statements, and numerous material internal control 
weaknesses continued to be reported. KPMG, LLP, under contract with the 
Office of Inspector General (OIG), has consistently issued a disclaimer 
of opinion on DHS' financial statements.
    DHS' material internal control weaknesses ranged from financial 
management oversight and reporting at the department level to controls 
surrounding the recording of individual account balances within DHS 
bureaus. These control weaknesses, due to their materiality, are 
impediments to obtaining a clean opinion and providing positive 
assurance over internal controls at the department level. Achieving 
these departmental goals is highly dependent upon internal control 
improvements at the United States Coast Guard (USCG), Immigration and 
Customs Enforcement (ICE), the Transportation Security Administration 
(TSA), and the Office of the Chief Financial Officer.
    To move forward, DHS must develop a comprehensive financial 
management strategy that addresses organizational resources and 
capabilities, inconsistent and flawed business processes, and 
unreliable financial systems. An initial step in this process is to 
prepare well-developed and comprehensive corrective action plans to 
address known internal control weaknesses. During this past year, the 
department has taken a thoughtful approach to developing such a plan 
and has begun to implement corrective actions.
    Concurrent with the department's efforts, we initiated a series of 
performance audits to assess the effectiveness of DHS' corrective 
action plans to address internal control weaknesses. Our objective in 
conducting these performance audits was to determine the thoroughness 
and completeness of both the overall corrective action plan process and 
individual component plans developed to address specific financial 
control weaknesses. These performance audits are intended to provide 
ongoing feedback to DHS as it is developing and implementing corrective 
action plans.
    During fiscal year 2006, we anticipated progress in addressing 
internal control deficiencies. DHS identified four areas for 
improvement during the year. However, in our corrective action plan 
audits, we reported that a coordinated, department-wide effort to 
develop corrective action plans did not begin until the third quarter 
of 2006 and is now in the process of being finalized. At the component 
level, we identified well-developed corrective action plans at ICE, but 
significant work remains ahead for the Coast Guard. During 2006, ICE 
began its corrective action plan process early and our audit results 
showed internal control improvements during the fiscal year.
    In addition, the Federal Emergency Management Agency (FEMA) issued 
approximately 2,700 mission assignments totaling about $8.7 billion to 
federal agencies to help with the response to Hurricane Katrina. FEMA 
historically has had significant problems issuing, tracking, 
monitoring, and closing mission assignments. FEMA guidance on mission 
assignments is often vague, and agencies' accounting practices vary 
significantly, causing problems with reconciling agencies' records to 
FEMA records. FEMA has developed a number of new, predefined mission 
assignments to streamline some of the initial recurring response 
activities. In addition, FEMA's Disaster Finance Center is working to 
find a consensus among other federal agencies on appropriate supporting 
documentation for billings. We are conducting a review of mission 
assignments to DHS agencies and other Inspectors General are reviewing 
mission assignments to their respective agencies.

INFORMATION TECHNOLOGY MANAGEMENT
    Integrating the information technology (IT) systems, networks, and 
capabilities of the various legacy agencies to form a single 
infrastructure for effective communications and information exchange 
remains one of DHS' biggest challenges. There are multiple aspects to 
achieving such an IT infrastructure, as outlined below.

Security of Information Technology Infrastructure
    The security of the IT infrastructure is another major management 
challenge. As we reported in September 2006, based upon its annual 
Federal Information Security Management Act evaluation, excluding its 
intelligence systems, DHS achieved a significant milestone toward 
strengthening its information security program by implementing a 
department-wide remediation plan to certify and accredit all 
operational systems by the end of fiscal year 2006. Further, some of 
the means to assist DHS and its components in the implementation of its 
information assurance program, which we identified in our fiscal year 
2005 Federal Information Security Management Act report, also have been 
addressed, such as developing a process to maintain a comprehensive 
inventory.
    However, additional information security audits we conducted this 
past year showed challenges remain in controlling and addressing a 
number of IT risks and vulnerabilities. These audits involved DHS 
networks, databases, laptops, and Radio Frequency Identification 
systems, as well as of major programs such as the Transportation 
Workers Identification Credential and United States Visitor and 
Immigrant Status Indicator Technology.
    Specifically, DHS organizational components, through their 
Information Systems Security Managers, have not completely aligned 
their respective information security programs with DHS' overall 
policies, procedures, and practices. Further, while DHS has issued 
substantial guidance designed to create and maintain secure systems, 
there exist areas where agency-wide information security procedures 
require strengthening:
         Certification and accreditation;
         Vulnerability testing and remediation;
         Contingency plan testing;
         Incident detection, analysis, and reporting;
         Security configurations; and
         Specialized security training.
    To address these issues, the Chief Information Officer must 
identify ways to improve the review process and increase the 
accountability of DHS component organizations. The department also must 
establish a comprehensive management authority to ensure the 
confidentiality, integrity, and availability of its vital intelligence 
information.

Department-wide IT Infrastructure
    Creating an adequate capability for relocating mission-critical 
information systems to an alternate disaster recovery site in the event 
of extended service disruptions or emergencies is one concern. The 
department's IT infrastructure remains a collection of legacy networks, 
systems, and data centers. Several elements of this IT infrastructure 
do not have the ability to relocate to an alternate site that can be 
used if their primary facility suffers an extended outage or becomes 
inaccessible. However, due to a lack of sufficient funding and an 
operational program to support an enterprise-wide disaster recovery 
solution, DHS has been hindered in its efforts to provide an alternate 
processing facility. This inability to restore the functionality of 
DHS' critical IT systems following a service disruption or disaster 
could negatively affect accomplishment of a number of essential DHS 
missions, including passenger screening, grants processing, and 
controlling the flow of goods across U.S. borders.
    Similarly, significant resources and oversight are also needed to 
accomplish the major undertakings of upgrading the DHS data 
communications infrastructure and consolidating the various 
organizations that provide data communications support. Currently, the 
department is in the process of eliminating redundant firewalls, 
replacing hardware encryption devices, and combining operations 
centers--activities that are essential to supporting the efficient, 
effective, and secure exchange of mission-critical information both 
within DHS and with outside stakeholders.

DHS Component IT Management
    IT management at the subcomponent level remains a major challenge, 
as demonstrated by our audits and subsequent reports on the IT programs 
and initiatives of selected DHS directorates and organizations. Our 
November 2006 followup assessment reports that the United States 
Citizenship and Immigration Services (USCIS) has made some progress by 
placing priority on business transformation, taking steps to centralize 
authority for IT personnel, initiating business process reengineering 
activities, and upgrading desktops and servers at key field locations. 
However, USCIS remains entrenched in a cycle of continual planning, 
with limited progress toward achieving its long-term transformation 
goals. Until USCIS addresses this issue, the bureau will not be in a 
position to manage existing workloads or handle the potentially 
dramatic increase in immigration benefits processing workloads that 
could result from proposed immigration reform legislation. Similarly, 
our December 2006 followup assessment of FEMA's efforts to upgrade its 
principal disaster management system shows that the agency has made 
progress in meeting short-term systems needs; however, more remains to 
be done to address long-term planning and systems integration.
    Our reviews of major IT programs and initiatives of the various 
components also indicate program management problems. For example, in 
September 2005, we reported that FEMA could benefit from improvements 
to its 6-year, $1.5 billion program to digitize the maps used to 
identify flood zones and determine insurance requirements. Although 
FEMA is making progress in the flood map modernization program, FEMA 
can better ensure program success by:
         Reviewing and revising its mapping plan,
         Enhancing program guidance,
         Increasing contractor oversight,
         Improving coordination with stakeholders,
         Clearly defining requirements and contractor 
        expectations, and
         Maintaining standard methodologies for mapping system 
        development.
    Similarly, in August 2006, we reported on improvements USCG could 
make in its efforts to design and implement command, control, 
communications, computers, intelligence, surveillance, and 
reconnaissance (C4ISR) systems as part of its estimated $24 billion 
Integrated Deepwater System (Deepwater) program. Although the USCG has 
made progress in the program, problems with contract oversight, 
requirements management, systems certification and accreditation, and 
IT testing place the Deepwater IT acquisition and C4ISR operations at 
risk. Insufficient C4ISR funding has restricted accomplishing the 
``system-of-systems'' objectives that are fundamental to ensuring 
interoperability of Deepwater assets, such as ships and aircraft. 
Meeting the training and IT support needs of Deepwater C4ISR users also 
is key.

Information Sharing
    The Homeland Security Act of 2002 makes coordination of homeland 
security communication with state and local government authorities, the 
private sector, and the public a key DHS responsibility. However, due 
to time pressures, DHS did not complete a number of the steps essential 
to effective planning and implementation of the Homeland Security 
Information Network (HSIN)--the sensitive, but unclassified system it 
instituted to help carry out this mission. As such, effective sharing 
of the counter-terrorist and emergency management information critical 
to ensuring homeland security remains an ongoing challenge for the 
department. Resources, legislative constraints, privacy, and cultural 
challenges--often beyond the control of HSIN program management--pose 
obstacles to HSIN's success.
    On a broader scale, DHS is challenged with incorporating data 
mining into its overall strategy for sharing information to help detect 
and prevent terrorism. Data mining aids agents, investigators, and 
analysts in the discovery of patterns and relationships from vast 
quantities of data. The Homeland Security Act authorizes DHS to use 
data mining and tools to access, receive, and analyze information. Our 
August 2006 report on DHS data mining activities identified various 
stove-piped activities that use limited data mining features. For 
example, Customs and Border Protection performs matching to target 
high-risk cargo. The United States Secret Service automates the 
evaluation of counterfeit documents. TSA collects tactical information 
on suspicious activities. ICE detects and links anomalies indicative of 
criminal activity to discover relationships. However, without 
department-wide planning, coordination, and direction, the potential 
for integrating advanced data mining functionality and capabilities to 
address homeland security issues remains untapped.
    Hurricane Katrina also highlighted the need for data sharing among 
federal agencies following a catastrophic disaster. We see a need for 
data sharing in three areas:
         Real-time data exchange among agencies would help 
        verify eligibility of applicants for disaster assistance and 
        simplify the application process for victims.
         Direct access to FEMA data by law enforcement agencies 
        would help identify and track convicted sex offenders and 
        suspected felons, and help locate missing children.
         Computer data matching would help to prevent 
        duplicative payments and identify fraud.
    FEMA is moving in the right directions on these issues. For 
example, FEMA has granted direct access to its data to the Hurricane 
Katrina Fraud Task Force for the purpose of investigating fraud. 
However, progress is slow and much remains to be done. FEMA and the 
federal community are not ready to meet the data sharing demands of the 
next catastrophic disaster.
    Another example of vital information sharing is the National Asset 
Database. The National Infrastructure Protection Plan envisions a 
comprehensive, national inventory of assets, known as the National 
Asset Database, to help DHS coordinate the effort to protect the 
nation's critical infrastructure and key resources. DHS is responsible 
for integrating efforts to protect the chemical industry; commercial 
facilities; dams; emergency services; commercial nuclear reactors, 
materials, and waste; information technology; telecommunications; 
postal and shipping; transportation systems; and government facilities. 
A maturing National Asset Database is essential to developing a 
comprehensive picture of the nation's critical infrastructure and key 
resources. Management and risk-based resource allocation decisions 
depend on having this comprehensive picture. As we reported in fiscal 
year 2006, DHS is improving the development and quality of the National 
Asset Database. We will continue to monitor and review how DHS uses the 
National Asset Database to support its risk management framework, how 
it coordinates infrastructure protection with other sectors, and how 
its pursuit of basic vulnerability assessment standards can help 
develop overarching departmental priorities.

ACQUISITION AND CONTRACT MANAGEMENT
    Acquisition management is not just awarding a contract, but 
fulfilling a mission need through a thoughtful, balanced approach that 
considers cost, schedule, and performance. The urgency and complexity 
of DHS' mission will continue to demand rapid pursuit of major 
investment programs. In 2006, DHS spent about 40% of its budget through 
contracts.
    DHS must have an infrastructure in place that enables it to oversee 
effectively the complex and large dollar procurements critically 
important to achieving the DHS mission. While DHS continues to build 
its acquisition management capabilities in the component agencies and 
on the department-wide level, the business of DHS goes on and major 
procurements continue to move. We identified significant risks and 
vulnerabilities that might threaten the integrity of DHS' acquisition 
management program. In general, DHS needs to improve its major 
acquisitions planning, operational requirements definition, and 
implementation oversight.
    The prerequisite for effective acquisitions, that is, obtaining the 
right, cost-effective systems and equipment to accomplish DHS' 
missions, is program management. Complex and high-dollar contracts 
require multiple program managers, often with varying types of 
expertise. Several DHS procurements have encountered problems because 
contract technical and performance requirements were not well defined. 
DHS needs:
         More certified program managers;
         Comprehensive department-wide standards for program 
        management;
         A strengthened investment review board process to 
        provide greater independent analysis and review;
         Better defined technical requirements; and
         More balance among schedule, cost, and performance 
        when expediting contracts.
    The Office of the Chief Procurement Officer recently established a 
program management advisory board, established standards for certifying 
program managers, and promoted program management training 
opportunities. The Office of the Chief Procurement Officer is assisting 
program offices with acquisition planning, including templates and one-
on-one assistance.
    In their transition into DHS, seven agencies retained their 
procurement functions, including USCG, FEMA, and TSA. The expertise and 
capability of the seven procurement offices mirrored the expertise and 
capability they had before creation of DHS, with staff size that ranged 
from 21 to 346 procurement personnel. DHS established an eighth 
acquisition office, the Office of Procurement Operations, under the 
direct supervision of the Chief Procurement Officer, to service the 
other DHS components and manage department-wide procurements. Many DHS 
procurement offices reported that their lack of staffing prevents 
proper procurement planning and severely limits their ability to 
monitor contractor performance and conduct effective contract 
administration. The fiscal year 2007 DHS Appropriations Act provides 
over 400 additional contract specialist positions to alleviate part of 
the shortfall. Moreover, DHS is planning a contracting fellows program 
with up to 100 entry-level positions to begin in fiscal year 2008.
    In addition to awarding contracts, the Office of the Chief 
Procurement Officer helps DHS components adhere to standards of conduct 
and federal acquisition regulations in awarding and administering 
contracts. This oversight role involves developing department-wide 
policies and procedures, and enforcing those policies and procedures.
    Both our office and the Government Accountability Office have 
reported that the Office of the Chief Procurement Officer needs more 
staff and authority to carry out its general oversight 
responsibilities. The Government Accountability Office recommended that 
DHS provide Office of the Chief Procurement Officer sufficient 
resources and enforcement authority to enable effective, department-
wide oversight of acquisition policies and procedures. We made a 
similar recommendation. The DHS, in response to our December 2006 
report, Major Management Challenges Facing the Department of Homeland 
Security, said that it disseminated the Acquisition Professional 
Management Directive to identify and certify appropriately trained and 
experienced program managers, contracting officer's technical 
representatives, and authorized buying agents. It also has certified 
348 program managers since 2004, and continues to focus on 
qualifications and placement.
    During fiscal year 2006, the Under Secretary for Management 
established policies for acquisition oversight and directed each of the 
eight heads of contracting activities to measure and manage their 
acquisition organizations. Also, the number of oversight specialists in 
the Acquisition Oversight Division is authorized to expand to nine 
during fiscal year 2007. The Office of the Chief Procurement Office has 
undertaken an outreach program to involve DHS component staff to manage 
effectively and assist in acquisition oversight.

Common Themes in Our Audits of DHS Contracts
    In prior years, we conducted audits and reviews of individual DHS 
contracts, such as TSA's screener recruiting and TSA's information 
technology services. More recently, we have completed audits relating 
to the SBInet program, the Coast Guard's Deepwater program, and FEMA 
contracting. Common themes and risks emerged from these audits, 
primarily the dominant influence of expediency, poorly defined 
requirements, and inadequate oversight that contributed to ineffective 
or inefficient results and increased costs.
    The department continues to pursue high-risk, complex, system-of-
systems acquisitions programs, such as SBInet and Deepwater. A 
performance-based acquisition strategy to address the challenges of 
these programs is, in our opinion, a good one. Partnering with the 
private sector adds fresh perspective, insight, creative energy, and 
innovation. It shifts the focus from traditional acquisition models, 
i.e., strict contract compliance, into one of collaborative, 
performance-oriented teamwork with a focus on performance, improvement, 
and innovation. Nevertheless, using this type of approach does not come 
without risks. To ensure that this partnership is successful, the 
department must lay the foundation to oversee and assess contractor 
performance, and control costs and schedules. This requires more effort 
and smarter processes to administer and oversee the contractors' work.

Customs and Border Protection SBInet Program
    On November 2, 2005, DHS announced a multiyear strategy to secure 
America's borders and reduce illegal immigration, called the Secure 
Border Initiative (SBI). A critical element of the SBI initiative is 
the acquisition of technology, infrastructure, and personnel to gain 
operational control of the nation's border--SBInet. The SBInet 
procurement presents a considerable acquisition risk because of its 
size and scope. We see risks and vulnerabilities similar to those 
identified in previous OIG audits and reviews.
    Customs and Border Protection awarded a multiple-year systems 
integration contract in September 2006 to begin the SBInet multibillion 
dollar initiative. We have monitored the initiation of the SBInet 
program and provided a risk advisory with recommendations to address 
observed weaknesses in the program. The department was fully responsive 
during our SBInet review, agreed to our recommendations, and is 
planning and pursuing corrective actions. However, the SBInet 
procurement continues to present a considerable acquisition risk 
because of its size and scope.
    Our main concern about SBInet is that DHS is embarking on this 
multibillion dollar acquisition project without having laid the 
foundation to oversee and assess contractor performance and effectively 
control cost and schedule. DHS has not properly defined, validated, and 
stabilized operational requirements and needs to do so quickly to avoid 
rework of the contractor's systems engineering and the attendant waste 
of resources and delay in implementation. Moreover, until the 
operational and contract requirements are firm, effective performance 
management, and cost and schedule control, are precluded. As 
acknowledged in our report, the department took actions to mitigate 
risk during the course of our review and is planning further actions to 
establish an effective performance management system for SBInet.
    We also reported that the department does not have the capacity 
needed to effectively plan, oversee, and execute the SBInet program; 
administer its contracts; and control costs and schedule. The 
department's acquisition management function lacks the appropriate work 
force, business processes, and management controls for planning and 
executing a major acquisition program such as SBInet. Without a 
preexisting professional acquisition workforce, Customs and Border 
Protection has had to create staffing plans, locate workspace, and 
establish business processes, while simultaneously initiating one of 
the largest acquisition programs in the department. DHS needs to move 
quickly to establish the organizational capacity to properly oversee, 
manage, and execute the program.

Coast Guard's Deepwater Program
    USCG has also encountered a number of challenges in executing its 
Deepwater Acquisition program despite the expenditure of more than $3 
billion over 4 years. This is particularly true within the Deepwater 
surface and air domains. Most recently, we identified management 
deficiencies and inadequate technical oversight related to the 
acquisition of the National Security Cutter. In this case, the Coast 
Guard did not exercise sufficient oversight authority of the contract 
with Integrated Coast Guard Systems to address design deficiencies. 
Consequently, the National Security Cutter acquisition is expected to 
cost more than originally planned and the cutters may be subject to 
operational limitations that affect the ability of the Coast Guard to 
execute its Deepwater mission.
    Similar issues were previously identified related to the 110-foot 
patrol boat conversion project. This project was curtailed at eight 
cutters due to design, construction, performance, and cost concerns. In 
December, the Coast Guard decided to take the eight converted cutters 
out of service due to structural design deficiencies. In response to 
these challenges, USCG accelerated plans to design, construct, and 
deploy the composite Fast Response Cutter by more than 10 years as a 
replacement for the 110-foot patrol boat. However, an independent 
analysis has confirmed that the Fast Response Cutter design is outside 
patrol boat design parameters, i.e., too heavy, too overpowered, and 
not streamlined enough to reduce resistance. These concerns led to the 
USCG's April 2006 decision to suspend work on the Fast Response Cutter 
until these issues could be resolved or an alternative commercial off-
the-shelf design identified.
    In the Deepwater air domain, the HH-65C helicopter and unmanned 
aerial vehicle acquisitions have encountered schedule delays and cost 
increases. These Deepwater design, construction, performance, 
scheduling, and cost issues are expected to continue to present 
significant challenges to USCG's Deepwater Program in the future.
    The Coast Guard recognizes these challenges and is taking 
aggressive actions to strengthen program management and oversight--such 
as technical authority designation; use of independent, third party 
assessments; consolidation of acquisition activities under one 
directorate; and redefinition of the contract terms and conditions, 
including award fee criteria. Furthermore, and most importantly, the 
Coast Guard is increasing its staffing for the Deepwater program, and 
reinvigorating its acquisition training and certification processes to 
ensure that staff have the requisite skills and education needed to 
manage the program. These steps should go a long way in improving the 
management and oversight of the Deepwater program as it moves forward.

FEMA Procurements
    We have also focused substantial work on FEMA contracting and have 
identified numerous problems. FEMA is not well prepared to provide the 
kind of acquisition support needed for a catastrophic disaster. FEMA's 
overall response efforts suffer from:
         Inadequate acquisition planning and preparation for 
        many crucial needs;
         Lack of clearly communicated acquisition 
        responsibilities among FEMA, other federal agencies, and state 
        and local governments; and
         Insufficient numbers of acquisition personnel to 
        manage and oversee contracts.
    In February 2006, we reported that FEMA purchased mobile homes 
without having a plan for how the homes would be used. As a result, 
FEMA now has thousands of surplus mobile homes. In September 2006, we 
reported that FEMA spent $7 million renovating a facility to shelter 
evacuees. Because there was inadequate planning, the facility was never 
needed. As a result, the facility was underused and the monies spent to 
renovate were wasted.
    FEMA has already made improvements, such as increasing the number 
of standby contracts in place and ready to be executed when disaster 
strikes. Also, DHS created a Disaster Response/Recovery Internal 
Control Oversight Board to address many of the problems. We will soon 
conduct a review of FEMA's overall acquisition management structure to 
identify additional improvements that FEMA can make to be prepared 
better for the next catastrophic disaster. We will review 
organizational alignments and leadership, policies and procedures, 
FEMA's acquisition workforce, and its information management. We are 
also reviewing FEMA's system for accounting for property it has 
purchased for disasters.
    The urgency and complexity of DHS' mission will continue to demand 
rapid pursuit of major investment programs. While DHS continues to 
build its acquisition management capabilities in the component agencies 
and on the department-wide level, the business of DHS goes on and major 
procurements continue to move. Acquisition management will continue to 
be an intense area of oversight for our office and an ongoing focus of 
our audit efforts.

Providing Accurate and Timely Procurement Reporting
    In July 2006, we reported on the challenges that DHS faces in 
planning, monitoring, and funding efforts to ensure the accurate and 
timely reporting of procurement actions to interested stakeholders. The 
Executive Branch, the Congress, and the public rely upon such 
procurement information to determine the level of effort related to 
specific projects and also to identify the proportion of government 
contracts that are awarded to small businesses. Currently, however, DHS 
has several different contract-writing systems that do not 
automatically interface with its Federal Procurement Data Systems--Next 
Generation (FPDS-NG)--a government-wide procurement reporting system 
that is accessible by the public. Some of the systems may need to be 
replaced. Additionally, not all DHS procurements are entered into FPDS-
NG. For example, grants, mission assignments, and purchase card data 
may not be entered into FPDS-NG, resulting in an understatement of DHS' 
procurement activities.
    DHS has undertaken a number of initiatives to improve its reporting 
on procurement actions. These initiatives include interfacing the 
various DHS contract-writing systems with FPDS-NG and ensuring that all 
procurement information is entered into FPDS-NG immediately following 
contract award. Such initiatives will not only enable real-time 
reporting of DHS procurement actions, they also will allow DHS to rely 
on General Services Administration databases to help eliminate contract 
awards to ineligible vendors. The Office of the Chief Procurement 
Officer has worked with each of the DHS components to improve the 
accuracy, completeness, and timeliness of FPDS-NG data entry. DHS' 
planned deployment of a single, contract-writing software system should 
reduce duplicate data entry for each contract action. DHS is developing 
routine reporting for non-FPDS-NG instruments.

GRANTS MANAGEMENT
    Managing the multitude of grant programs within DHS poses a 
significant challenge. Further, the grant programs of other federal 
agencies that assist states and local governments in improving their 
abilities to prepare for, respond to, and recover from acts of 
terrorism or natural disasters compound this challenge. Congress 
continues to authorize and appropriate funding for individual grant 
programs within and outside of DHS for similar, if not identical, 
purposes. In total, DHS manages more than 80 disaster and nondisaster 
grant programs. For disaster response and recovery efforts, we have 
identified 36 federal assistance programs that have the potential for 
duplicating DHS grant programs. DHS must do more to coordinate and 
manage grants that are stove-piped for specific, but often related 
purposes, to ensure that they are contributing to our highest national 
preparedness and disaster recovery goals, rather than duplicating one 
another and being wasted on low-priority capabilities.
    Disaster grant awards will be substantially larger than usual with 
the more than $60 billion that Congress appropriated in late fiscal 
year 2005 for disaster response and recovery efforts related to 
Hurricanes Katrina, Wilma, and Rita. In the Gulf Coast states affected 
by these hurricanes, numerous federal grants from different agencies 
and components of DHS are going to state and local governments, private 
organizations, and individuals for response and recovery from the 
recent hurricanes, as well as for the next disaster or terrorist 
attack. We are currently reviewing disaster grant activities throughout 
the Gulf Coast and will continue to give special emphasis to Gulf Coast 
disaster response and recovery grant spending.
    In fiscal year 2007, DHS is expected to award about $3.4 billion in 
state and local preparedness grants. We are reviewing individual 
states' management of first responder grants and the effectiveness of 
DHS' system for collecting data on state and local governments' risk, 
vulnerability, and needs assessments. Our audits have reported on the 
states' inability to manage effectively and monitor these funds, and to 
demonstrate and measure improvements in domestic security. Our reports 
also pointed out the need for DHS to monitor the preparedness of state 
and local governments, grant expenditures, and grantee adherence to the 
financial terms and conditions of the awards.
    DHS faces a challenge in addressing its responsibility to become an 
efficient and effective grants manager. For example, while the Office 
of Grants and Training is tasked with financial and programmatic 
monitoring and oversight for first responder grants, the Office of 
Justice Programs with the Department of Justice does the accounting for 
these grants. Given the billions of dollars appropriated annually for 
disaster and nondisaster grant programs, DHS needs to ensure that 
internal controls are in place and adhered to, and grants are 
sufficiently monitored to achieve successful outcomes.
    DHS needs to ensure that, to the maximum extent possible, disaster 
and homeland security assistance go to those states, local governments, 
private organizations, or individuals eligible to receive such 
assistance and that grantees adhere to the terms and conditions of the 
grant awards. DHS needs to continue refining its risk-based approach to 
awarding first responder grants to ensure that areas and assets that 
represent the greatest vulnerability to the public are as secure as 
possible. It must incorporate sound risk management principles and 
methodologies to successfully prepare for, respond to, recover from, 
and mitigate acts of terrorism and natural disasters.
    DHS management recognizes these challenges. DHS is planning a study 
to provide a single grants management system for all nondisaster-
related grants. In addition, a risk-based grant allocation process was 
completed in fiscal year 2006. DHS risk analysis was a critical 
component of the process by which allocations were determined for such 
programs as the Homeland Security Grant Program, Transit Security Grant 
Program, Port Security Grant Program, and the Buffer Zone Protection 
Program.
    However, the support for the Gulf Coast hurricanes had a major 
impact on DHS OIG's nondisaster work, resulting in some delays of 
audits underway and planned, including the area of grants management. 
This negative impact was reduced as temporary staff were hired and 
trained, and employees detailed to Gulf Coast Hurricane Recovery 
returned to the Office of Audits.

CATASTROPHIC DISASTER RESPONSE AND RECOVERY
    In the wake of Hurricane Katrina, Congress responded quickly with 
funds for immediate relief and recovery efforts. To date, emergency 
appropriations totaling over $85 billion have been made available. 
Additionally, Congress enacted over $35 billion in mandatory spending/
tax bills, bringing total relief dollars to more than $122 billion.

[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

    [Source: Senate Budget Committee, August 22, 2006]
    Recognizing the need to protect taxpayers' dollars, the Office of 
Management and Budget, in early September 2005, mandated that the 
federal agencies involved in the disaster response and recovery efforts 
develop a stewardship plan. The plan sets the framework for mitigating 
risks associated with crisis procurement, managing the broad scope of 
oversight work, and overseeing contracts awarded.
    On the heels of the Office of Management and Budget/Department of 
Homeland Security plan, the Inspectors General (IGs) involved in 
oversight of disaster relief efforts developed a hurricane audit 
coordination model. The model helped determine which recovery 
activities each of the OIGs would audit and review.
    Moreover, the OIG community was well poised to address the need for 
oversight, as coordination of activities had already been established. 
Prior to Hurricane Katrina, the President's Council on Integrity and 
Efficiency (PCIE) and the Executive Council on Integrity and Efficiency 
(ECIE) established a Homeland Security Roundtable, based on their 
collective experience after the 9/11 attacks. The Roundtable was a 
natural focal point around which hurricane recovery oversight revolved. 
And, as Chairman of the PCIE's Homeland Security Roundtable, I was 
tasked with coordinating its activities. Needless to say, Hurricane 
Katrina oversight was our number one priority last year.
    Through the Roundtable, the OIG community has been successful in 
addressing issues of waste, fraud, and abuse. As of September 30, 2006, 
through our coordinated activities we have:
         Conducted audits or reviews of 835 contracts, 
        including 348 completed and 487 ongoing audits. These 835 
        contracts had a total contract value of $8.5 billion. Of this 
        amount, auditors reported questioned costs of $53.6 million, of 
        which $33.3 million was determined to be unsupported.
         Reviewed contracts resulting in $80.9 million in 
        taxpayer funds that could have been put to better use.
         Opened 1,756 cases, which resulted in 439 indictments, 
        407 arrests, and 255 convictions.
    Additionally, in September 2005, I established the Office of Gulf 
Coast Hurricane Recovery to take the lead in coordinating disaster-
related activities. I also appointed a separate Special Inspector 
General for Gulf Coast Recovery. This action allowed us to stay current 
on all disaster relief operations, and provide on-the-spot advice on 
internal controls and precedent-setting decisions.
    In turn, the lesson we learned from our experiences in Katrina 
oversight is that the presence of an office directly responsible for 
disaster assistance is essential. Therefore, in October 2006, we 
established the Office of Disaster Assistance Oversight (DAO) to take 
over, on a permanent basis, the work of the Office of Gulf Coast 
Hurricane Recovery. I also appointed a permanent Deputy Inspector 
General for Disaster Assistance Oversight.
    The creation of the DAO has strengthened our ability to react 
quickly and efficiently to a variety of disasters, and further advance 
our collaborative efforts with other federal IGs. DAO also coordinates 
the work of the 23 other federal IGs involved in the PCIE Roundtable; 
actively participates on the Department of Justice's Hurricane Katrina 
Fraud Task Force; and works closely with state and local auditors and 
inspectors general, as well as the Government Accountability Office.
    The DAO organizational structure to a great extent mirrors FEMA's 
structure with offices addressing Response, Recovery, Mitigation, and 
Acquisition. We have three field offices located in Oakland, 
California, Denton, Texas, and Atlanta, Georgia. Additionally, we have 
four suboffices co-located or near FEMA's Transitional Recovery 
Offices, which allow us to work closely with state and local auditors 
and inspectors general, as well as FEMA regional staff, in order to 
take a hands-on approach to our oversight efforts. With a total staff 
of 120 personnel exclusively dedicated to disaster oversight, our 
structure allows us to be efficient and effective, and to give counsel 
to address immediate oversight needs. As we continue into the recovery 
phase of the disaster, we are changing our oversight focus from 
immediate recovery to acquisition and contract management.
    Overall, the work completed by the Gulf Coast Hurricane Office and 
the DAO has been successful. However, in order to conduct the needed 
oversight of FEMA's readiness, preparation, response, and recovery 
related to Hurricane Katrina, we have had to substantially reallocate 
our inspectors, auditors, and evaluation resources.
----------------
    Mr. Chairman, this concludes my prepared statement. I have 
highlighted four specific management challenges facing the department--
financial management, information technology management, acquisition 
management, and grants management--that are the backbone of the 
department and provide the structure and information to support the 
accomplishment of DHS' mission. While some aspects of these challenges 
were inherited by the department from their legacy agencies, the 
complexity and urgency of DHS' mission has exacerbated the challenge in 
many areas.
    While the department's senior officials are well aware of these 
problems and are making progress in resolving these issues, we must 
continue to keep the department focused on these challenges. Our 
continued oversight in these areas is intended to facilitate solutions 
in order to significantly improve the department's ability to carry out 
its operational programs.
    I will be pleased to answer any questions you or the Members may 
have.

    Chairman Thompson. Thank you very much.
    I thank all the witnesses for their testimony.
    I will remind each member that he or she will have 5 
minutes to question the panel.
    I will now recognize myself for the beginning of the 
questions.
    Again, thank you very much for your very thoughtful 
testimony.
    I guess the first point for both of you gentlemen, Mr. 
Walker and Mr. Skinner, is: Do you presently have the resources 
necessary to do your job effectively?
    Mr. Walker, will you respond?
    Mr. Walker. I wouldn't say anything to you I haven't told 
the appropriators. I do not believe that we have been treated 
fairly in recent years.
    GAO generated a $105 return for every $1 invested in the 
agency, number one in the world. Second place is $10 to $1. And 
we haven't kept pace with inflation for the last 4 years. That 
is not in the interest of the Congress or the country. And I am 
hopeful that we can rectify that in our fiscal 2008 budget.
    Chairman Thompson. Thank you.
    Mr. Skinner?
    Mr. Skinner. Chairman Thompson, just like everyone else in 
government and everyone else in DHS, we could always use 
additional resources. We are stretched very, very, very thin. 
And as a result of the Katrina and the Gulf Coast disasters, 
which those expenditures are going to exceed probably when it 
is all over with well over $200 billion.
    We had to focus a lot of resources to provide oversight 
audits, inspections and investigations of activities that are 
occurring as a result of that very unfortunate event. That has 
really hurt us because we have had to take over 75 people out 
of our audit shop, investigation shop and reassign them to Gulf 
Coast operations, which is really having a real major effect on 
our ability to provide oversight in other parts of the 
department.
    Where we are really lacking, if anyone takes a close look 
at our performance plans and the results of our work, is that 
we are not providing the oversight of the billions of dollars 
that are spent each year in the grant arena, for example. It is 
just simply we don't have the resources to do it.
    Chairman Thompson. Thank you.
    Mr. Walker, you talked a little bit about interference with 
investigations and what have you. I am concerned about that, 
but I want both of you gentlemen to kind of give the committee 
an example of the kind of interference your staff ran into in 
trying to get information from the department.
    Mr. Walker. Well, thank you, Mr. Chairman.
    First, I don't believe I have ever used the word 
``interference.'' And that is an example of how there was 
misreporting of what we said yesterday.
    Here is the problem. The problem is, it is my understanding 
from my staff that every document that is to be provided to GAO 
for review has to be reviewed by the chief counsel's office. 
There is no reason for that. We have broad-based statutory 
rights to documents. And I don't understand why these 
documents, every document, has to be reviewed by a lawyer.
    Second, it is also my understanding that on a selective 
basis, not on an across-the-board basis, that members of the 
chief counsel's office--and there are many members of the chief 
counsel's office--want to sit in on interviews with regard to 
selected officials. That has a chilling effect on the ability 
of people to speak candidly with us.
    My understanding is Rick has had similar problems. But 
again, this is a systemic problem. It is not a particular 
person. It is something that is systemic.
    Mr. Skinner. Thank you. Yes, we have had similar problems. 
But they are not the types of problems that GAO is 
experiencing. And ours have been primarily within the area of 
the Coast Guard. And there, because of draft guidelines that 
have been published, it has created a shroud on our 
interaction.
    If you ask the Coast Guard, if you ask anyone in the 
Department of Homeland Security, they will tell you they 
cooperate with us. Generally speaking, they do cooperate with 
us. With regards to Phil Perry and his office, they have always 
been supportive of our operations. And the news media yesterday 
really did a disservice in the way they interpreted the 
comments we made yesterday.
    Our problem, for example, at the Coast Guard presumes that 
anytime we want to do an interview, that the supervisor must 
sit in. Anytime we make contact with an individual within the 
Coast Guard, they must report that to their supervisor. Anytime 
we want a document, we must go through the audit liaison 
officer to get that document where it is vetted and reviewed.
    That is very cumbersome. It expends a lot of time, slows 
down our ability to do our job in a timely manner. And it also, 
like Mr. Walker said, it sends a chilling effect among those 
that we are trying to interact with.
    If they say they want to meet with us privately, which the 
Coast Guard says they can, that also sends a message that we 
may not be a--we, a member of the Coast Guard--is not a team 
player. So therefore, there is a resistance. There is an 
attitude there that it is not wise to meet with the IG 
privately.
    And then when they do meet with us with their supervisors, 
they are constrained. They are not as open. As a result, we 
generally have to do two interviews, one with the individual 
with their supervisor and a second interview at night over the 
telephone back-channel.
    Chairman Thompson. One point of reference, is that 
customary, to your knowledge, with other departments within 
government?
    Mr. Walker. Well, we deal with every department in 
government. And, no, it is highly unusual. It is one thing for 
the general counsel's office to be involved on an exception 
basis in unusual circumstances. And that is fine, and that is 
understandable. But to be involved with every document is 
highly unusual. In fact, I think it is the only one that I know 
of in government.
    Chairman Thompson. Thank you very much.
    I now yield to the ranking member of the committee for his 
questions.
    Mr. King. Thank you, Mr. Chairman.
    My first question would be to Inspector General Skinner. It 
is somewhat parochial, but I think it has an overriding arch to 
it.
    Back in October of 2005, New York City received credible 
threats about an attack on its subway system. And the police 
commissioner and the mayor increased security on the subways at 
the time. Simultaneously with that, officials in the Department 
of Homeland Security were downgrading the threat and were 
trying to minimize it, and they were very critical of the mayor 
and the police commissioner.
    At the same time as that, it turns out that officials 
within the Department of Homeland Security were actually 
advising their relatives to stay off the subways. This was 
actually before the threat was even announced, which to me, 
certainly, violated some very important procedures as far as 
leaking classified information.
    I know you conducted an investigation of that. Can you tell 
us what the status of the investigation is, what action was 
taken against those individuals and more importantly than that, 
what actions has the department taken to ensure that employees 
of the department realize the absolute necessity of not leaking 
secret information? And has that been impressed upon the 
employees in the department?
    Mr. Skinner. Thank you.
    Yes, indeed, we did do an investigation of that incident. 
And it is complete. And we had referred our findings back to 
the program offices with recommendations for disciplinary 
action. I will have to get back to you, Congressman King, on 
exactly what those actions were. I know there were actions 
under way. I just don't know what they were at this point in 
time.
    Mr. King. Is there any way of telling now whether or not 
this was an unusually long period of time that the department 
has taken? Or it is just that you are not aware of it at the 
time?
    Mr. Skinner. I am just not aware of the actions on that 
particular case.
    Mr. King. Okay, okay. If you could get back to me on that, 
I would certainly appreciate it.
    Mr. Skinner. I will.
    Mr. King. Comptroller General Walker, the department has 
undergone several transformations or reorganizations in the 
past several years. There was Secretary Chertoff's second stage 
review. Then last year there was the FEMA reformation and 
restructuring. What impact have those reorganizations had on 
the department, positive and negative?
    And is it early enough yet to determine how effective the 
FEMA reorganization has been, especially in view of how it 
conducted itself, which I believe was in a positive way in the 
recent tornado incident in Florida?
    Mr. Walker. Well, I think it is too early to tell whether 
or not the reorganization is going to be effective. And 
obviously, that tornado was a tragic incident in Florida.
    But the scale of that as compared to the scale of a Katrina 
or something is obviously very, very different.
    And frankly, I think we should have expected that people 
would have been overwhelmed with Katrina. But I would have 
hoped they would have done better, and I am sure you do, too.
    Secondly, so with regard to that--I apologize. The first 
part of your question, Mr. King, again, was?
    Mr. King. Yes, the impact of these reorganizations have on 
a new department. Are there any lessons learned from that?
    Mr. Walker. Thank you.
    Mr. King. And do you believe that we should consider more 
reorganization or let this try to work its way through?
    Mr. Walker. Any organization, whether you are in the public 
sector, the private sector or the not-for-profit sector, 
reorganizations are very disruptive. They have an adverse 
impact on morale. It is very important that one step back, look 
strategically, decide how best to align the organization to 
achieve the objectives, implement it and leave it alone for a 
period of time.
    The morale at the Department of Homeland Security, based 
upon the latest employee feedback survey, is, I believe, dead-
last of all the major departments and agencies.
    Now, you can't say it is because of all these 
reorganizations. But I can tell you, based upon my public-and 
private-sector experience, including running a global operation 
in the private sector and heading three federal agencies, you 
know, reorganizations may be necessary at times but they should 
be minimized and they are disruptive.
    Mr. King. Do you believe the department is working 
effectively to further this reorganization now? Or do you feel 
it has become stalemated or stagnant?
    Mr. Walker. My understanding is we are doing some related 
work. And I would rather wait until that work is done before I 
end up saying anything.
    Mr. King. My time is running out. Mr. Chairman, I yield 
back.
    Chairman Thompson. Thank you very much.
    We will now hear from the gentlewoman from California, Ms. 
Sanchez.
    Ms. Sanchez. Thank you, Mr. Chairman.
    And thank you, both of you gentlemen, for your service to 
our country and for the information you are giving us.
    You know, my background is in strategic management. I used 
to work for Booz-Allen. I was an investment banker. I have 
international experience. I did a lot of M&A work, more 
importantly, performance audits after M&A work.
    Quite frankly, I voted against creating the Homeland 
Security Department because I know how terrible it can be to 
get two cultures together, let alone 22, and maybe not the 
right 22, in an area and then not put them together really and 
take away collective bargaining rights from its employees and 
leaving the situation cost-neutral, as you alluded to, where 
they picked up additional responsibilities but weren't allowed 
to spend any more.
    And, of course, I think one of the biggest problems we have 
seen is that those who were smart enough or who had been there 
long enough knew they had to get out of those departments. That 
created voids. And you people came in. They didn't know how it 
had been run before. Now we hire back contractors in order to 
come in and tell the new people how the job is done.
    We look at the situation of the staffing over at this 
department, and we see that--and we still haven't gotten back 
the numbers completely. But the fact of the matter is slots are 
not filled. Lots of contracting slots are sitting there. So 
just the whole issue of people is a big problem.
    But I want to ask a couple of questions with respect to the 
budget that just came out from the president and the fact that 
DHS had been pushing to get the old hospital in D.C.--I wish 
Ms. Norton was here--to sort of situate its employees in one 
place and stop leasing wherever it is that they all are. And, 
of course, then you do the cost savings analysis that saves 
over $1 billion a year the sooner you get them out of those 
leased offices.
    But, you know, the drawback is it is up-front money that 
you have to spend in order to get this old hospital 
refurbished. And, of course, I hate to say it without Ms. 
Norton here because, of course, she is very anxious to fill 
that place up.
    But my question to you is, do you think it would make a 
difference if we did put these people together in one place and 
gave them the secure lines some of them need and the access 
some of them need? Or do you think that is not going to make 
any difference, that they are just--and I have said this over 
and over--chaotic and a confused department, which it has been 
for the last--and I have sat on the committee since the 
inception of that. Or do you think it might help?
    Because in the president's budget, this issue of putting 
everybody in one place has been zeroed out.
    Mr. Skinner. I really wouldn't want to speculate that it 
would make things better. But I could say that it would be more 
efficient if we were all together because we spend an 
inordinate amount of time commuting cross-town to meet with one 
another because we are scattered all over town, at the Ronald 
Reagan Building, up on 4th and High Street, down on Vermont 
Avenue and places in Virginia. And it is very inconvenient. And 
you lose hours a day just commuting back and forth for 
meetings.
    But I wouldn't want to speculate would it make us a more 
cohesive, better managed. I don't think location drives 
management. I think management drives management.
    Ms. Sanchez. Okay, that is fair enough. Thank you.
    Do you have a comment on that?
    Mr. Walker. I think it could help, but I don't think it is 
a panacea. I think clearly it could help to improve economy and 
efficiency.
    Ms. Sanchez. Maybe communications?
    Mr. Walker. Possibly, yes. But it clearly comes down to 
leadership and performance measurement rewards systems and a 
variety of other things irrespective of where you are. As you 
know, sometimes you can have everybody in one building but 
psychologically there can be a difference between which floor 
you are on plus which unit you are part of.
    But it wouldn't hurt. And I think it would help.
    Ms. Sanchez. Thank you, Mr. Chairman. I will yield back at 
this point.
    Chairman Thompson. Thank you very much.
    The chair will now recognize other members for questions 
that they may wish to ask the witnesses. In accordance with our 
rules, I will recognize members who were present at the start 
of the hearing based on seniority on the committee alternating 
between majority and minority. Those members coming in later 
will be recognized in the order of their arrival.
    I now recognize the gentleman from Alabama, Mr. Rogers.
    Mr. Rogers. Thank you, Mr. Chairman.
    I want to thank the witnesses for being here. I would like 
to address my questions to Mr. Skinner.
    In the 109th Congress the subcommittee that I chaired held 
three hearings on ISIS. For those who aren't familiar, that is 
the Integrated Surveillance and Intelligence System. And, it 
was a real disaster. We talked about ways that we could make 
sure that didn't happen in the future, particularly as we went 
into this new technology era. And then last September, SBInet 
was announced.
    And you released a report in November, a management 
advisory report, that raised a lot of concerns about SBInet. I 
would like to ask you, has DHS done much to address the 
concerns in that management advisory? And if so, what have they 
done?
    Mr. Skinner. That is interesting because, as we speak 
today, we are meeting with the SBInet folks to obtain an update 
exactly where they are with regards to implementing the 
recommendations we made there.
    I can say that just from--because we are embedded there. We 
are going to continue to work there because of the major-
because of the investment that we are putting in this 
initiative. And I can say that we still have significant 
problems.
    The staffing, the project management team is still not 
where it should be. And our major concern right now is, while 
they can manage the one or two taskings that are out there, we 
are in the process to issue several more taskings between now 
and this summer. And that is going to stretch them very, very 
thin to be able to manage the taskings that they currently have 
then be involved in the process of initiating new taskings and 
providing oversight of these additional taskings.
    So it is something we need to watch very, very, very 
closely. It is certainly not a best practices, the way we 
proceeded with SBInet. But they did, in fact, take certain 
safeguards this time, based on lessons learned from Deep Water, 
for example, and they are moving at a slow pace, which is a 
wise thing to do.
    It is a short-ended contract with exit ramps in case things 
don't go well. So in their pilot, the Tucson area, as I am sure 
you are aware, before we go spread our wings into other areas. 
But it is something that needs to be watched very, very 
carefully.
    Mr. Rogers. I get the impression from the way you described 
that that you see staffing shortage problems.
    Mr. Skinner. There is. There is.
    Mr. Rogers. Not just with you, but with DHS.
    Mr. Skinner. Yes.
    Mr. Rogers. Okay.
    Mr. Skinner. I might add very quickly we have got a report 
coming out on SBInet next week. I would commend it to you.
    And secondly, just a note for the record that I come from 
Alabama as well.
    Mr. Rogers. All right. War Eagle.
    [Laughter.]
    I wanted to ask about procurement. As you know, we talked 
in the past about--and you made reference to it in your 
management advisory acquisition and procurement staff 
shortages. Have you seen any relief in this area?
    Mr. Skinner. I know there is some very aggressive 
initiatives both in our 2007--in the department's 2007 budget. 
And you will see that as well in the 2008 budget.
    Keep in mind that we inherited a budget in 2003. In 2004, 
the president's budget was already up on the Hill. So the first 
time the department was able to submit a budget was in 2005. 
Unfortunately, it was focusing on operational issues in the 
standup of things like the science and technology division.
    In 2006 was the very first time, I believe, or 2007, that 
we recognize that we have dug a hole for ourselves and we are 
trying now to work our way out of that. It is going to be a 
long-term effort.
    The department, particularly under the leadership of Elaine 
Duke, is taking some very innovative approaches to do stop gap 
solutions until we can get fully staffed. And that is trying to 
recruit in-house, doing certification, doing training.
    And it goes beyond just procurement and acquisitions, 
procurement officers. It is really a program management 
capability. And we need additional training there. You can have 
the best procurement shop in the world, but if you don't have 
good program managers and they are well trained and they are 
working hand in hand with your acquisition officer, a lot of 
things can go wrong.
    Mr. Rogers. Right. And a piece of good news, from the 
chairman's standpoint. I met with Ms. Duke yesterday, and 
talked at length about what they have been doing. I know the 
department has gotten a black eye for morale. But apparently in 
procurement there is a real good attitude, and they have got a 
lot of people trying to join that department. But that is a 
good thing.
    I would ask that after this meeting you are going to have 
this afternoon, if you could give us a report to my staff or to 
the committee staff about what you learned from DHS's response 
to that management advisory.
    And last question, how much do you think SBInet is going to 
cost?
    Mr. Skinner. I don't know.
    Mr. Rogers. That is what I thought.
    Thank you, Mr. Chairman.
    Chairman Thompson. Good question.
    We will now have questions from the gentlelady from 
California, Ms. Harman.
    Ms. Harman. Thank you, Mr. Chairman. And thank you and 
thank the ranking member for holding this hearing. These are 
two witnesses who really know what they are talking about and 
can be very helpful as we try to make our homeland security 
program more effective.
    Unlike Ms. Sanchez, I did support the legislation. And I 
guess I am one of its godmothers, for better or worse. But the 
goal was not to rearrange the deck chairs, but to create one 
deck, one national, integrated strategy for homeland security, 
which obviously has to include risk management, since, as you 
point out and everyone here understands, we can't protect 
against everything at all times.
    It is disappointing to hear that, notwithstanding a huge 
effort by many at DHS, we are still slow in reaching success. 
So my first question is, do you think we will ever get there?
    Mr. Walker. I think ultimately you can. I think from an 
intellectual standpoint you can say that clearly by pulling the 
people all together under one department with ultimately one 
chain of command with the ability to hopefully interface more 
effectively, I think you can get there.
    And frankly, let me go back to the Department of Defense--
60 years--
    Ms. Harman. Yes.
    Mr. Walker. And it is a D on economy, efficiency, 
transparency and accountability.
    Ms. Harman. But, Mr. Walker, we don't have 60 years, as you 
well know.
    Mr. Walker. No, no, we are ahead of the Department of 
Defense. I mean, you were only 4 years, right.
    I mean, and so, can we be successful? Yes, I believe we 
can.
    Mr. Skinner. And I agree with Mr. Walker. Absolutely we can 
be successful. But it is going to require transparency, 
accountability, oversight, and a focused leadership.
    But if we maintain that leadership and maintain our 
discipline, yes, we can be successful. It is not going to be 
easy, and it is not going to be done in a short period of time.
    Ms. Harman. On that point, let me just ask a couple of 
questions in combination so that I don't run out of time. I 
don't want to abuse the time of other members.
    Number one is whether you can put a timeframe or an 
approximately timeframe short to long on when we can achieve 
success.
    Number two is a request, Mr. Chairman. I would like to 
request more specific information on the role of contractors in 
the Department of Homeland Security. I think it is a staggering 
statistic that 40 percent of the budget, $16 billion, if I 
heard you right, goes to outside contractors. And I would like 
to know what it is that they do there so that we can hold them 
accountable as we are trying to hold everyone else accountable.
    Chairman Thompson. I agree.
    Mr. Skinner. Yes, and I will provide you a breakdown of 
where those funds are going.
    Ms. Harman. Right. And my other question is, to piggyback 
on the last one, about SBInet. I want to ask about the homeland 
security information network and how we are doing with that. 
And specifically, are we reinventing the wheel?
    I mean, there are other information-sharing systems that 
law enforcement, for example, is comfortable with, like RISNET 
and LEO and LINX, a system I have learned about recently, which 
is a naval criminal investigative services network.
    And I am wondering whether those pre-existing systems were 
researched before HSIN was developed and would an assessment of 
those networks be useful now in trying to achieve in the 
shortest possible timeframe real full integration so we can 
share information.
    Mr. Skinner. I am not sure if they were explored or not. 
But I can say that as a result of our recent work in that area 
that the department, in particular, Charlie Allen, who is 
running our intelligence analysis shop now, is stepping back 
and taking a broader view of what our options are, reaching out 
to our partners such as the FBI for LEO and the Navy and other 
areas to see if maybe we should just piggyback or work with 
them hand in hand to ensure that communications between the 
feds and the states and the locals.
    Ms. Harman. As chairman of the relevant subcommittee here, 
that is a high priority for us, because you can't share 
information if you don't have the sharing mechanism, even if 
you have the will.
    How about an answer on timeframe for achieving a successful 
integration in this department?
    Mr. Skinner. Well, again, I don't know if I want to 
speculate when you talk about integration of the entire 
department. I can give you some timeframes for, for example, in 
financial management.
    We hope to have the ability to provide the Congress and the 
public with reliable and timely financial statements that are 
unqualified, audited opinions no later than 2009. And that 
would be 3 years.
    In the IT arena, we are plodding along. But we are looking 
at 2008 to build a department-wide platform that is what their 
out-goal is. Will they reach that? That is a very ambitious 
goal, to have a department-wide network that will support 
everyone.
    In the area of grants management, I think we are very weak. 
I don't think we are paying enough attention to what is going 
on in our grants management arena. I think we might be doing a 
good job of developing risk assessments as to how we are going 
to award those funds. But we are doing that in a very stovepipe 
manner. And I think maybe we need to slow up and take a look at 
what we are doing.
    Ms. Harman. Right. My time has expired.
    I just, Mr. Chairman, would ask that Mr. Walker answer the 
question about timeframe.
    Mr. Walker. I can very quickly. Five to 10 years on a 
consolidated basis, hopefully closer to 5. I am talking about 
full integration and transformation.
    And quite frankly, as I said before, it is 5 to 7-plus even 
in the private sector. And this is a lot more complicated than 
that. But it is not guaranteed unless they take certain steps.
    Last thing, contractors: We have a major challenge 
government-wide with contractors. We are using contractors more 
than prudently appropriate. There are a lot of circumstances in 
which we clearly should use contractors, and they do a good job 
for us, and it may be necessary. But there are major issues 
here beyond DHS.
    Chairman Thompson. Thank you very much.
    I now recognize the gentleman from Texas, Mr. McCaul.
    Mr. McCaul. Thank you, Mr. Chairman.
    Mr. Skinner, I want to direct my questions to you. Last 
Congress we worked very well on the issues related to FEMA 
fraud, waste and abuse issues. However, there was another 
oversight issue regarding an investigation conducted by your 
office that did not go quite as well.
    As you are aware, last September when I was chairman of the 
Investigations Subcommittee, I requested a briefing from your 
office on the case involving Border Patrol agents Ramos and 
Compean. I requested that meeting because we were hearing a lot 
of allegations about the innocence, potential innocence. My 
sole goal is to get to the truth of this case.
    Now, I sent you the letter after that meeting requesting a 
report of investigation that I was told that substantiate the 
assertions that were made by members of your staff to several 
members of Congress and committee staff.
    In January of this year, I contacted your office for that 
document again as I had not received it. And I was told by you 
that, as I was no longer chairman, that this request would no 
longer be honored and that I would have to submit my request 
through the Freedom of Information Act. I have to say I think 
that defies, to some extent, the authority of this committee.
    Be that as it may, as of yesterday I received a production 
pursuant to the Freedom of Information Act, and I have had a 
chance to review that report. Many of the assertions that your 
office made indeed turned out to be correct.
    However, there are several that I want to entertain that 
did not, in my view, add up. And I want to know specifically 
what you are going to do about this.
    One had to do with the allegation, very inflammatory, by a 
member of your office that these agents stated on the day of 
the shooting that they wanted to shoot a Mexican.
    Mr. Skinner, I looked through this entire production, this 
entire report, and nowhere is that statement found in this 
report. I don't know if it exists in another report. If it 
does, I would like to see that report.
    In addition, we were told that the individuals, the agents, 
knew the drug dealer was unarmed and did not fear for their 
life at the time of shooting. However, as I read the memorandum 
of activity, which is attached to your production, it clearly 
states that Compean said that he began to shoot at Aldrete 
because of the shiny object he thought he saw in his left hand 
and because Aldrete continued to look back toward his 
direction.
    Compean explained that he thought the shiny object might be 
a gun and that Aldrete was going to shoot at him because he 
kept looking back at him as he ran away from him. It was then 
that he began to shoot. That is according to Compean. That is 
his statement.
    Obviously, the jury believed differently in the outcome of 
this trial. But the point remains that we were given various 
representations from your office that we believed in. We 
certainly believed in the good faith of your office. And I 
believe that these representations became misrepresentations, 
if not outright false statements to members of Congress.
    So specifically, I wanted to hear from you what you intend 
to do to hold your office accountable for these statements that 
were made to members of Congress and to this committee.
    Mr. Skinner. I would like to make, first, two points.
    Those, say, misrepresentations were made to me as well.
    Secondly, those misrepresentations were not deliberate. Our 
policy is generally not to brief until an ROI has been 
prepared. And we will only brief if requested by a chair of a 
committee for the official business of that committee.
    In this case, we agreed to brief on the two individuals 
that had been convicted and sentenced, although our ROI had not 
been completed. In fact, our report of investigation was not 
completed until late November.
    In preparation for the meeting with you and other members 
of Congress, the individuals that briefed you were briefed 
telephonically by members of the investigative team. And the 
characterizations that they received they passed on to you. And 
they were mischaracterizations.
    For example, the briefer from, I believe, Texas told us 
that--not me personally, but to our assistant IG for 
investigations who subsequently briefed you--that they were out 
to shoot the Mexican. The actual quote was they were out to 
shoot the alien. It was not a Mexican. But that was the 
characterization that was passed on to them. Unfortunately, 
they repeated that to me, and they repeated that to you.
    So far as being in fear of their life, that was a summation 
of all of the evidence that they had gathered from other 
witnesses. Keep in mind we did not investigate two agents, 
Border Patrol agents here that were convicted or that were 
prosecuted. We conducted an investigation of an incident. It 
was a shooting incident. It involved 11 Customs and Border 
Patrol agents.
    When we initiated that investigation, we developed facts 
surrounding the case. We brought that to the prosecutor. The 
prosecutor then chose to prosecute two individuals. There were 
three other individuals that are implicated as well. But the 
prosecutor chose not to file charges against them. However, we 
referred that to CBP to the management for administrative 
action.
    Those three people now have been disciplined; that is, been 
given their notice to terminate employment with CBP. One has 
already resigned. The other two I don't know what their current 
status is.
    But it is an unfortunate mischaracterization. I apologize 
on behalf of our staff for that mischaracterization. But I just 
wanted to make it perfectly clear it was not intentional. They 
were not trying to suggest that this was greater or something 
more than what it was to impress upon you that the conviction 
was a justified conviction. They were just simply repeating 
characterizations that were passed on to them.
    Ms. Sanchez. [Presiding.] The gentleman's time has expired.
    Mr. Etheridge for 5 minutes, of North Carolina.
    Mr. Etheridge. Thank you, Madam Chairman.
    Let me thank both of you for being here today.
    Let me ask a question because in the ongoing response to 
Hurricane Katrina--and I ask this question because it may just 
be January and it is cold as blazes outside right now. For 
those of us who live in North Carolina and in coastal 
communities, we aren't too far from hurricane season again. I 
know that may sound strange, but we live in that fear.
    And in the ongoing response to Hurricane Katrina and Rita, 
the GAO has identified significant fraud, waste and abuse in 
the control weaknesses in FEMA's individual and household 
programs and in the Department of Homeland Security's purchase 
card account.
    Can you share with us if FEMA has taken action on the 
recommendations to address these weaknesses?
    Mr. Walker. It is my understanding they have taken action 
on some, but not all of those. And I would be happy to provide 
some more information to your office, Mr. Etheridge.
    Mr. Etheridge. Would you, please? Thank you.
    Mr. Walker. I would be happy to do that.
    Mr. Etheridge. I think that would be helpful.
    Secondly, are efforts being made to determine whether the 
systems will work in an actual disaster? You know, even though 
we have taken action, have there been any dry runs, so to 
speak? Because I think that is critical if we are going to--you 
know, we could face another one in the very near future.
    Mr. Walker. I understand. If I can provide that for the 
record, I would appreciate that.
    Mr. Etheridge. Okay, I appreciate that.
    Mr. Walker. Because I don't know the answer.
    Mr. Etheridge. Thank you.
    Several OIG reports have identified problems with TSA 
screeners and TSA airport procedures, as you well know. And I 
have heard from many of my constituents about the 
inconsistencies that have been applied to rules and other 
issues with passenger screening, and, I guess, more 
particularly and probably more specifically, dealing with the 
hastily applied rule of liquids.
    So in that regard, can you share with us the progress that 
has been made in implementing the provisions of OIG's 
regulations and what is being done to further ensure 
consistency and clarity regarding the rules and procedures on 
these airport screenings?
    I think, you know, that is where the traveling public faces 
it more readily. And we get feedback real quick.
    Mr. Skinner. I am sure you do. And I travel a lot as well 
as part of my job, and I do personally observe and see these 
inconsistencies. There is a whole variety of reports that we 
have issued with regard to TSA where they need to tighten up 
not only their internal controls, but their business processes 
and the way they do business.
    We are doing a series of audits with regards to TSA right 
now to follow up on the recommendations that we have made over 
the last 2 to 3 years with regards to not only their 
recruitment, but their processes at airports, not only for 
passengers, but also for cargo, checked luggage, that type of 
thing.
    And if I may, if I can get back, we are looking right now, 
probably sometime this summer, before we will have a report on 
two or three of these areas that will be?
    Mr. Etheridge. If you would get that back to us, I would 
appreciate it.
    Mr. Skinner. I would be happy to.
    Mr. Etheridge. All right. Thank you.
    The final question I have, Madam Chair, is my state of 
North Carolina is a participate in the regional information 
sharing system or RISS program. Given the problems you mention 
in your report on I.T. infrastructure and the data system, what 
is the prognostication for linking the homeland security 
information network to RISS? And are procedures being developed 
to avoid duplication and confusion should this linkage be 
taking place?
    Did you understand the question?
    Mr. Skinner. Are you referring to--
    Mr. Etheridge. It is the regional information sharing 
system, okay, the regional information sharing system. And you 
indicated a lot of problems you mentioned in the report in the 
I.T. information and data system.
    And my question is, what is the prognosis for linking the 
homeland security network to RISS? And are procedures being 
developed to avoid duplication and confusion when that linkage 
takes place?
    Mr. Skinner. Thank you. And may I get back to you on that?
    Mr. Etheridge. You sure may. That would be fine.
    Mr. Skinner. I am not real familiar--well, familiar with 
the subject, but not the response or status.
    Mr. Etheridge. That will be fine. Thank you, sir.
    Thank you.
    Ms. Sanchez. The gentleman's time has expired.
    Mr. Etheridge. I yield back.
    Ms. Sanchez. Before we go to Mr. Souder for 5 minutes, we 
have, I believe, what is three votes on the floor, the last 
votes of the day, 15-minute votes. So we will do his 5 minutes 
and then we will break. We will go into the votes, and then we 
will return.
    That is, if our two gentlemen--how long do you all have? We 
will probably be gone for about half an hour at least.
    Mr. Walker. I have got a meeting on the Senate side at 
3:30, which I need to do. So I can leave at about 3:20. I can 
stay here until about 3:20.
    Ms. Sanchez. Okay.
    And Mr. Skinner?
    Mr. Skinner. The same. I can stay at your convenience.
    Ms. Sanchez. Okay. So we will take the gentleman from 
Indiana, and then we will break for votes and we will return.
    Mr. Souder. Mr. Skinner, I don't know how to adequately say 
I found your answer to Mr. McCaul completely unsatisfactory, 
that I think this is something that is going to get 
increasingly embarrassing to the government in all aspects.
    As somebody who initially was fairly calm about this matter 
and the more I read and the more I see the documents and the 
more I see the policies behind the documents, the American 
people are going to question whether we have any commitment 
whatsoever to the border based on the type of spin we have been 
receiving.
    And I find one of the most amazing things listening at the 
beginning of the hearing the criticism from both of you about 
the Coast Guard and thinking, you know, there is some truth to 
this. If you have people who can't talk to the people who are 
investigating and they always want to have their person up 
higher that want to give a report, how are you, as auditors, 
supposed to do this? Well, how are we, as congressmen, supposed 
to do this?
    If you want to, in effect, say we can't give you documents, 
we have to have our staff screen with us until we can talk to 
you, the very thing you were complaining about the agencies 
about you do to us. And I am just appalled and embarrassed for 
you.
    Now, I have some particular questions regarding SBInet. 
Over in government reform we are doing some Iraq 
investigations. And we are all going to be talking with you 
over the period of time. And one of the classic tradeoff 
challenges is here because as a businessperson myself, I 
understand to get corruption, to get tracking, you have to have 
information. And too often the agencies are getting 
stonewalled. We don't have enough staff.
    We were yesterday talking about Iraq where they really 
needed 800 accountants, and they had four to 10, and a third of 
them got shot up. How do you do tracking? Because the classic 
thing here on the border on SBInet, which is a huge challenge 
right now, and I know we will be talking more about this over 
time. And I read your statements with it.
    As a practical matter, any effort in any section of this 
border is going to be successful because they are just going to 
move to another part. And at the same time, by the time we make 
sure that every piece of fence works, every piece of technology 
works and we do all this research and do the accounting with it 
and make sure we have a plan, it is sometimes one of the 
tradeoffs here. And this is what I would like you to address 
structurally is we shouldn't rush because if we rush, we might 
make a mistake.
    So we have got a million illegals coming across. We have no 
idea whether terrorists are coming through. We have contraband 
coming every day and narcotics. We have potential other types 
of contraband all the time coming across. How do you balance 
the auditing challenge you have with the need for speed?
    Because to some degree, any fence works temporarily. 
Anything we do works temporarily. That if we sit back and wait 
and do an immigration bill but don't have any border strategy, 
we don't really have an immigration bill. Could you talk about 
that tradeoff that you see constantly when you do oversight?
    Mr. Skinner. That is an extreme challenge. And that is one 
of the things I commented on earlier, is the urgency of our 
mission and balancing that against our infrastructure and our 
ability to support that mission.
    With regards to the SBI and the SBInet initiative, SBInet 
is only one part of a larger initiative. And we have to bring 
it all together. To secure our entire borders nationwide north 
and south is something that therein lies one of the problems we 
have right now with SBInet, is that we don't have operational 
requirements. What do we need?
    Like you said, if we secure Tucson, they are going to come 
in through Del Rio. If we secure Del Rio, they are going to 
come in at El Paso. So we have to have an operational plan that 
is put in place with measures and performance matrix that will 
show us when we are going to do it, how much it is going to 
cost to do it.
    We also have to take into consideration the cost benefit of 
doing all this. Do we want to spend billions of dollars and it 
is not going to work? So it is just a major challenge.
    But when I say proceed with caution, I am talking about 
proceeding with caution. Find short-term solutions to ensure 
that if we are going to invest $1 billion next year, which the 
president is asking for in 2008, that we know at the end of the 
year those monies were spent wisely, not necessarily--we still 
need to proceed, but at the same time, we can take some steps 
to ensure that we have oversight. I can assure you our office 
will continue to provide oversight to the extent we can.
    Mr. Walker. Mr. Souder, acquisitions and contracting is a 
high-risk area across government. And it is particularly acute 
in certain departments and agencies. The fact is we are relying 
on contractors in new and unprecedented ways.
    We are also entering into some contracting arrangements 
such as the one with SBInet where we are employing an 
integrator approach, which means we are providing more 
flexibility to the contractors. With more flexibility, it means 
you need to be that much more careful about conflicts. You have 
to be very, very careful to define your objectives and to nail 
down your requirements.
    You have to make sure that you have appropriate interaction 
and oversight as you go along because with more flexibility 
means more risk. There are 15 systemic problems with our 
acquisition and contracting system in the entire government, 
which I will be happy to provide for the record.
    We need to focus on those because, yes, you need to move 
expeditiously, but you need to get it right. And all too many 
cases we have gotten it wrong in some cases because we moved 
too fast.
    Ms. Sanchez. Thank you. The gentleman's time is expired.
    Mr. Souder. Thank you. And would you provide the 15 for the 
record?
    Mr. Walker. I will be happy to do so.
    Ms. Sanchez. We will recess.
    Gentlemen, we will probably be gone about 30 minutes or a 
little bit more, depending on the votes. So go grab a Coke or 
something, and we will be back.
    Thank you. We stand in recess.
    [Recess.]
    Mr. Dicks. [Presiding.] You know, in your opening remarks, 
you talked a lot about DHS contractors and that 60 percent--was 
it 40 percent or 60 percent of the DHS budget is spent on 
contractors?
    Mr. Skinner. Approximately 40 percent in 2006. In prior 
years it has been building. In 2005 I think it was around 25 
percent. In 2004 I believe it was around 25 percent.
    Mr. Dicks. And you are concerned that we don't have good 
oversight of these contracts? Or is there competition for these 
contracts?
    Mr. Skinner. Not all of them. My primary concern is that we 
don't have the capacity to provide the oversight that is needed 
to ensure that we are getting what we are paying for.
    Mr. Dicks. Have you investigated any of these contracts, 
any of them specifically?
    Mr. Skinner. When you say investigate, yes, we have many 
ongoing investigations on contracts that were let as a result 
of Hurricane Katrina, Rita and Wilma a couple years ago. We 
have done a lot of work in audits of various contracts to 
determine whether--for example, the contract with Pearson to 
hire the TSA screeners. We have done reviews of the Boeing 
contract to install electronic detection or explosive detection 
equipment at the airports, those type of things.
    Yes, we are actively engaged in reviewing many of the major 
contracts--
    Mr. Dicks. Do you have enough staff to do your work?
    Mr. Skinner. We can always use more staff, of course, as I 
think everyone--
    Mr. Dicks. What is your staff? How big is your staff?
    Mr. Skinner. Currently right now we have approximately, 
including those resources that are dedicated down in the Gulf 
Coast, somewhere around 550.
    Mr. Dicks. Now, are these all government? Or are some of 
these contractors?
    Mr. Skinner. Of those, no, those are not contractors. These 
are all government employees. Some of those, approximately 60-
plus, I believe, are hired on a temporary basis to provide us 
the coverage we need in the Gulf Coast.
    Mr. Dicks. Okay. Now, one of the other issues that you 
mentioned was there is the concern that you have the DHS on a 
list of--and want to talk about that, Mr. Walker, on the list. 
And they have not done a good job in coming back to you with 
trying to show you that they are working to get off the list.
    There is a number of things that you mentioned in your 
testimony that the DHS hasn't done. And you mentioned that some 
of the agencies were on this financial audit list prior to DHS 
being created. Could you tell us which ones and kind of give us 
a little overview on this problem?
    Mr. Walker. In 2003, we put the DHS integration and 
transformation effort on our high-risk list. And it has 
remained on it through the two updates in 2005 and 2007. The 
latest update being announced on January 31st.
    We did that because of a number of reasons. One, there were 
a number of major management challenges that existed in a 
variety of these 22 agencies before they were put together. And 
secondly, just the mere undertaking of trying to integrate 22 
different agencies with different systems, with different 
cultures, et cetera, is a massive undertaking.
    What I mentioned before was was that while they had made 
some progress, they have got a long way to go and that one of 
the frustrations that we have been having is that we have not 
been getting timely access to records and to individuals. It is 
one thing to understand that there can be delays.
    But it is becoming a systemic problem. And part of which is 
because how they go about trying to clear the records and 
different safeguards that they have in place that other 
departments and agencies do not.
    Mr. Dicks. Have you talked directly to Mr. Chertoff about 
this, Secretary Chertoff?
    Mr. Walker. I have spoken with Michael Jackson about it. I 
have not spoken with Secretary Chertoff directly about it.
    Mr. Dicks. Who have Chertoff and Jackson put in charge of 
coming up with a plan and an approach so they get off this 
list? Who is in charge of that? Is there somebody in charge? Do 
they have a CFO? Obviously, it is Chertoff obviously. But--
    Mr. Walker. Well, ultimately he is in charge. One would say 
that Deputy Secretary Jackson is really focused more on 
internal matters, more on operational matters. I know that OMB 
has worked with DHS as well as all 27 of the high-risk areas to 
come up with an action plan to get off the list. Some will be 
able to get off a lot quicker than others. It is going to take, 
I think, a number of years for DHS to get off.
    Mr. Dicks. Well, give us for the record a list of the ones 
that were in trouble financially and on your list prior to DHS 
being created. And if any of them have gotten--well, of course, 
they couldn't get off because the whole agency now is being 
evaluated.
    Mr. Walker. I will be happy to provide it for the record.
    Let me just say this, that there is one area that relates 
directly to the Department of Homeland Security. And that is 
the overall integration transformation effort. There are other 
areas that relate to the Department of Homeland Security 
indirectly, for example, information sharing. They are 
obviously part of the intelligence community. And there are 
major challenges associated there.
    Mr. Dicks. Ms. Blackburn, please, is recognized for 5 
minutes.
    Mrs. Blackburn. Thank you, Mr. Chairman.
    Mr. Walker, always good to see you.
    Mr. Walker. Good to see you.
    Mrs. Blackburn. As I read your testimony and prepared for 
today, I noticed that some of the themes that seem to come your 
direction or come up in our conversations are still there. We 
have systemic problems. We lack a comprehensive strategy. They 
lack a comprehensive team.
    There is too much bureaucracy. There are too many lawyers 
involved in the process. And I thought how amazing it is that 
we hear this from you. We hear it from the inspector general. 
And we are hearing it from our constituents that are trying to 
deal with federal agencies.
    So, therefore, it should tell us that we really have a 
problem in how the federal government is organized. And I 
appreciate the wisdom that each of you bring to the discussion 
and hopefully guidance that will help us to reduce some of the 
bureaucracy and the repetitive nature of process that we find.
    Mr. Walker, I have got several questions. I know I am not 
going to get through them. I have actually got eight for you 
and 16 for the inspector general, so I am going to submit some. 
But I want to begin by talking about CIS. And the GAO report 
mentions that CIS has improved their ability to deal with the 
backlog of immigrant applications.
    But I have read some instances in some reports where 
federal contractors have thousands of applications that are 
stored and where some of them have shredded tens of thousands 
of applications and some of the paperwork in order to reduce or 
give the appearance of reducing that backlog. And I would like 
to have from you an awareness of what you have or how you see 
that situation.
    Mr. Walker. Well, first, we have done some related work and 
noted some progress there. Candidly, at this hearing I heard 
for the first time assertions that there may have been some 
destruction in order to reduce the backlog. That is news to me.
    And I think what we need to do is I will go back with our 
people and find out what, if anything, we have heard of that 
and also try to coordinate with Rick Skinner to see whether one 
of us might want to follow up on that without duplicating 
efforts.
    Mrs. Blackburn. I thank you. What are they currently 
showing as their backlog?
    Mr. Walker. I don't have the numbers in front of me. I 
would be happy to provide it for the record.
    Mrs. Blackburn. You do not? That would be great.
    The other thing that I would like to know about that 
backlog is if they are including the applications that are 
pending for security background clearance and checks or if 
those have been moved on to another agency and figure out how 
that has fit into that evaluation. Anyway, if we can quantify 
that number, that would be helpful.
    And then the other thing, if you feel like they have 
sufficient resources to deal with that--it is a process, more 
immigration applications if we were to have a temporary guest 
worker program.
    Mr. Walker. Right.
    Mrs. Blackburn. To talk about a looking forward. One of the 
things we do not ever do is look forward and say in 3 years, 5 
years, 10 years how will we meet these needs and then plan 
accordingly. And I think that we become so focused on an annual 
budget.
    I have some GIPRA questions, but I will submit those to 
you.
    Mr. Skinner, the SBInet program, I wanted to see if you see 
that as a high-risk program. And also the timeline that DHS--if 
they are making progress in finalizing their metrics and 
targets and their goals for each of their task orders in that 
SBInet timeline.
    Mr. Skinner. Yes, we most certainly do see it as a high-
risk project.
    Mrs. Blackburn. Okay.
    Mr. Skinner. And each year we publish a document we refer 
to as the 10 management challenges facing the department. And 
that is included in that document as well and will continue to 
be included in that document so long as the department does not 
have--I mean, until they obtain the capacity to, one, manage an 
initiative like this, a system-to-system type of initiative; 
two, until they clearly define what their operational 
requirements are; three, until they can put a price tag on 
those operational requirements so that we can monitor how we 
are spending those funds: Do we have cost underruns, overruns?
    Mrs. Blackburn. Okay. Let me ask you then should they 
postpone this program until they can address those problem 
areas, major problem areas and establish those metrics.
    Mr. Skinner. No, I think the approach--
    Mrs. Blackburn. They should not? Okay.
    Mr. Skinner. --that they are taking is a wise one, and that 
is, let's pilot some of the initiatives we want to do and take 
lessons learned from that before we expand. That will carry us 
out until June.
    They have an aggressive one. They have developed a 
personnel plan. They claim they know what the mix of resources 
they need to manage a project like this. It is approximately 
somewhere between 290 and 300.
    And, of course, that includes everything from the 
engineers, I.T. types, contractor representatives, contractors 
themselves and contractor support to help them to help the 
project integration team to provide that oversight. If they 
cannot build up to that capacity, then we will caution them you 
need to slow down until you can build up to that capacity. But 
right now, no, I would not recommend that we kill a project at 
this point in time.
    Mrs. Blackburn. Thank you. I yield back.
    Mr. Skinner. Very quickly, we have a report coming out next 
week, Ms. Blackburn, on SBInet next week. So you may want to 
keep your eyes open for that.
    Mrs. Blackburn. Okay. Thank you.
    Mrs. Christensen. [Presiding.] Thank you. The gentlelady's 
time is expired.
    We next recognize Mr. Langevin for 5 minutes.
    Mr. Langevin. Thank you, Madam Chair.
    And, gentlemen, thank you for your testimony today.
    Before I get to my questions, I want to comment just on Mr. 
Skinner's answer. You mentioned Charlie Allen, the work that he 
is doing on information sharing with local law enforcement and 
how they are relooking at that whole information sharing 
network. I think that is so important.
    And I have raised that issue a number of times. I think it 
is a problem with homeland security. It probably made a mistake 
in the way it was trying to create a whole new network. I have 
met with people from, for example, RISNET, the Regional 
Information Sharing Network, in New England. And that is a tool 
that law enforcement is already very comfortable with, familiar 
with.
    And to me it seemed counterintuitive at best, nonsensical 
at worst, to not build on that system, something that law 
enforcement is already working with. So I am glad to hear your 
answer to Ms. Harman's question with respect to RISNET and just 
the Regional Information Sharing Networks that already exist 
and how Homeland Security is going to relook at that system.
    But respect to my questions, starting with Mr. Walker, if I 
could. The Bioshield program has experienced varying levels of 
success since its inception 3 years. The program, as you know, 
though was however recently dealt a major blow with the 
cancellation of the contract for next generation anthrax 
vaccine, which at the time was the only major procurement 
contract under Bioshield.
    Now, this program is obviously too important to fail. And 
yet as it currently operates has not been operating very 
successfully at all. Now, as chairman of the Subcommittee on 
Emerging Threats, Cybersecurity and Science and Technology, I 
plan to hold several hearings to explore how to fix the major 
problems with Bioshield's operations.
    And, in fact, in order to get the full understanding of the 
program's failures, we are probably going to need to do joint 
hearings with other committees tasked with oversight of health 
and human services. And I am fully prepared to do so.
    My question is what do you see are Bioshield's biggest 
weaknesses. And do you think the Department of Homeland 
Security and the Department of Health and Human Services are 
equally responsible for the program's failures? And what key 
steps would you advise DHS in particular to take to ensure the 
program's success?
    Mr. Walker. Well, we have done some work on this in the 
past. I am familiar with some of it, but not all of it. 
Clearly, I believe that there is a shared responsibility here 
between DHS, HHS and possibly others with regard to this 
program. We know that we have had circumstances in the past 
where we have relied solely on a particular provider in some 
circumstances.
    I think one of the things that we have to do is we have to 
define what our needs are, and we have to see what we can do in 
order to identify multiple providers hopefully, ideally, 
domestically, but if not, internationally. And I would be happy 
to find out what else we have done and make that available to 
you.
    Mr. Langevin. Yes, I would like you to do that and paying 
particularly close attention to Bioshield and maybe some of the 
successes. I would like to know what progress they are making 
from your perspective, but what we need to do to fix the 
program. It is too important. The results could be in terms of 
an attack and not being able to respond to one adequately would 
be catastrophic. And Bioshield was meant to obviously prevent 
that from happening.
    Mr. Walker. I understand.
    Mr. Langevin. Mr. Skinner, last year Congress cut a 
significant portion of the president's requested budget for the 
science and technology directorate. And these cuts came largely 
because of congressional dissatisfaction with the directorate, 
in part, because of the concerns that S&T was nothing more than 
a hobby shop for program managers rather than a directorate 
actually serving its customers.
    Now, at the same time, Congress was also concerned about a 
lack of transparent strategic planning at the directorate, 
inadequate detail in its budget justifications and the 
directorate's failure to more rapidly develop and adopt 
technologies for homeland security purposes. Now, 
Undersecretary Cohen took over the organization August 2006. 
And since then he has been working to quickly try to right the 
ship, if you will.
    And this committee has held several hearings where the 
undersecretary has been invited to testify. And by and large, 
we are pleased with his progress. And knowing him from my other 
work on the Armed Services Committee and my work in R&D, I know 
that Secretary Cohen did an outstanding job as head of Office 
of Naval Research. He comes to the table with a lot of 
credibility.
    But in spite of the changes at the top, serious problems 
still exist within the directorate. So my question to you, Mr. 
Skinner, is what is your office doing to ensure that the 
problems that existed prior to Undersecretary Cohen's 
appointment are being addressed.
    And specifically, what is your office doing to oversee 
S&T's efforts to develop a mature business model and prudent 
project management practices? And also, what is your office 
doing to ensure that the undersecretary develops a plan to 
strengthen workforce recruitment and retention and improve 
institutional knowledge base as well as create a culture of 
responsibility within the directorate?
    Mr. Skinner. Thank you. Historically we did not provide the 
oversight of S&T that we should have. And that is because of 
resource constraints. And I agree with you that historically 
the S&T, I think, has lost its way, so to speak. It took on 
operational issues when it shouldn't have. It did not reach out 
to its customers. And as a result, it was meandering in the 
department.
    Since Undersecretary Cohen has come onboard, I have met 
with him on multiple occasions, been briefed on his 
reorganizational structure, his new plan of business, the way 
he intends to utilize the S&T resources and service the 
department in the states and the locals in a research and 
development environment.
    This year for the very first time we are getting involved 
in S&T activities. Currently we are first going to learn more 
about how S&T is run. So we are serving the S&T operations, 
working with Mr. Cohen to get an understanding what his 
organizational chart is, what his staffing requirements are and 
where he is going to place his priorities and use the monies 
that are allocated to him.
    From there, we intend to develop a series of audits over 
the next 3 years that will focus on those areas that both Mr. 
Cohen, Secretary Chertoff and our office mutually--and 
Congress, because we always solicit the input from the Congress 
as well--as to those areas that we think would be everyone's 
benefit that we provide more intense oversight.
    If you look at our 2007 performance plan, which, in 
essence, is an outline of the types of projects we intend to 
take, we do now have a chapter dealing just with S&T 
activities.
    Mr. Langevin. Okay. Well, I see my time is expired. I look 
forward to talking to you more about this. It is going to be a 
theme that I am going to question you on when you come before 
us again. I plan to exercise extensive oversight over the S&T 
Directorate in particular because it has problems. So I look 
forward to further discussions.
    Mr. Skinner. We look forward to working with you.
    Mr. Langevin. Thank you.
    Mrs. Christensen. Thank you. The gentleman's time is 
expired.
    And the chair recognizes for 5 minutes Mr. Lungren.
    Mr. Lungren. I thank the Madam Chairman.
    I would like to yield my first minute to Mr. McCaul. He had 
some follow-up on his questions earlier.
    Mr. McCaul. I want to thank the gentleman for yielding his 
time to me.
    Mr. Skinner, let me first say that I appreciate your 
honesty in response to my question. But the fact remains that 
members of Congress were misled by your office, and members of 
this committee were misled by your office. Your office is 
charged with the responsibility of holding the Department of 
Homeland Security accountable.
    My question to you is, what are you going to do to hold 
your own office accountable?
    Mr. Skinner. The first thing we are going to do is I am now 
asking my office to go back and reconstruct the series of 
events that led to the misrepresentation at the meeting that 
those members of my staff had with your staff. That is the 
first thing I want to do.
    The second thing I want to do is look at what processes and 
internal controls we could put in place to ensure that we don't 
repeat this mistake again. One of the lessons learned--and 
because this was the first time that we--we generally don't 
provide briefings prior to the production of a report from 
which we can read and relate to and provide assurances of its 
accuracy.
    And one of the things we may have to do is tighten our 
internal controls and our policies with regards to briefing of 
congressional members or for that matter, even departmental 
staff and leaders until our products are finished and we have 
assurances up the chain that the internal controls, checks and 
balances are in place and I have some level of assurances that 
what we are going to be said or responses to questions that we 
are going to be asked are, in fact, accurate and reliable.
    Mr. McCaul. Well, let me say we certainly intend to follow-
up with your office.
    And I would ask that Madam Chair consider holding a hearing 
on this issue. I yield the balance of my time.
    Mr. Lungren. Yield back the balance of your time. I 
appreciate that.
    Let me just ask two things, one to Mr. Skinner. And that is 
you have talked about the difficulty with the national security 
cutter program with the Coast Guard. And that is the first 
major acquisition under the Deep Water Program.
    The Deep Water Program, in my estimation, is absolutely 
essential for the responsibilities of the Coast Guard going 
forward. What do we need to do to make sure that we don't fall 
behind on the Deep Water Program, but at the same time, ensure 
that it is being managed properly? What internal changes needed 
to be made?
    Mr. Skinner. Yes, and I agree. The Deep Water Program is 
very important, not only to the Coast Guard, but to this 
country. Because if you look at the status of our Coast Guard 
fleet, it is in dire need of upgrading to meet the missions 
that lay ahead, particularly now after 9/11 and our terrorist 
mission associated with the Coast Guard.
    There is a lot going on now as a result of our report. And 
Thad Allen--I have met with him, and I am sure that he will be 
providing briefings as time goes on up here in front of this 
committee. But he, in fact, is, one, reorganizing--has 
reorganized the Coast Guard in its acquisition shop so that now 
we have a place that someone can go to--we can go to, one place 
that someone can be held accountable for the program, which did 
not exist. It was diffused throughout the Coast Guard. Now we 
have one place to go.
    Secondly, he has provided technical authority to the 
assistant commandant for systems who now can't override any 
decisions made by the integrator who initially under the 
original contract had that authority. Three, they are rewriting 
the contract to ensure that the Coast Guard now can exercise 
its authority over the contractor instead of entirely relying 
totally on the contractor's specifications or designs. So there 
is a lot going on there.
    Mr. Lungren. Let me ask this question. We have criticized 
in the past the Department of Defense for being too big and so 
forth. But obviously they have enough people to manage programs 
like this. Criticism of the Coast Guard was that they haven't 
been in this business for 50 years.
    Here we give them a major program. They don't have the 
capability of doing it because they don't have the manpower to 
do it and they don't have the experience to do it. What do you 
say to that?
    Mr. Skinner. That is absolutely true.
    Mr. Lungren. How do we repair that?
    Mr. Skinner. That is an initiative now that the Coast Guard 
has under way to identify what those resources are. As early as 
2002 when the contract was awarded, the IG from the Department 
of Transportation did a survey of their capability to manage 
something this large, a system-to-system performance-based 
contract. At that time, they were saying you do not have the 
capacity to manage something like this.
    The Coast Guard disagreed. It is now 4 to 5 years later. 
The Coast Guard recognizes now it does not have that 
capability. There is an aggressive training program--or not 
necessarily training program, but there is training as well. 
But there is an aggressive hiring program right now to bring 
the mix of resources.
    They have also reached out to the chief procurement 
officer--that would be Elaine Duke--to get their input as to 
how they can organize and put together a meaningful 
integration, an integrative project team. They hope to have 
something done and reach their resource capability this year. 
It is not something they are talking about doing in the 
outyears. But it is this year they want to have those 
capabilities.
    Mr. Lungren. You used the word ``hope.'' I was hoping that 
you would use the word ``confidence.''
    Mr. Skinner. Well, you know, one of the things--and this is 
something that we are experiencing as well, is it is very 
difficult to get the right people in there. We are competing 
with the private sector.
    And when we say we need to go out and hire 1,000 
procurement officers, it sounds easy enough until you go out 
and try to hire them. Then when you only get two applications 
and you are trying to hire 1,000, you know you have a problem. 
We have to be able to--and so that is why I say hope. If we 
can't hire those types of people, then we need to train them 
in-house.
    Mrs. Christensen. The gentleman's time is expired.
    Mr. Lungren. Thank you.
    Mrs. Christensen. And I know that the comptroller, Mr. 
Walker, has to leave shortly. I would like to try to get in at 
least another member.
    The chair recognizes Ms. Lofgren for 5 minutes.
    Ms. Lofgren. Thank you, Madam Chairman. And I will make my 
first question to Mr. Walker since I know he has to leave.
    Mr. Walker. Thank you.
    Ms. Lofgren. The report reviews the progress of the US-
VISIT Program, something I am very interested in. And I am 
concerned or interested in whether the additional funds in the 
proposed 2008 budget will provide hiring sufficient staff with 
the necessary skills and abilities to implement this program, 
which hasn't been as effective as I had hoped so far.
    And I am particularly interested in not only whether the 
technological deficiencies that have been identified can be 
addressed with what is budgeted and also the exit portion of 
the system, which the secretary has indicated may not be 
implemented at all. Can you advise us on that?
    Mr. Walker. Yes, we have done work in this area. We are 
continuing to do work in this area. The exit portion is a 
challenge. There is no question about that. I think the other 
thing we have to keep in mind is the US-VISIT Program works to 
the extent that you have got people going through normal ports 
of entry who are trying to do things above board.
    And I think we have to recognize we have two types of 
immigration problems and two types of border security problems, 
one of which is where people are coming through official 
borders where we have capabilities, and one of which is where 
they are not.
    Ms. Lofgren. Well, we know that.
    Mr. Walker. And they are very different.
    Ms. Lofgren. But, for example, we are looking at the visa 
waiver program, the administration has proposed expanding the 
visa waiver program. The trigger for visa waiver is what is the 
overstay rate. Well, how are you going to know that if you 
don't have the exit system in place?
    Mr. Walker. And we clearly need to do something in order to 
keep track of people who are in the country and who have 
overstayed their visas. That is a major problem. And so, the 
question would be is if this approach isn't going to work, then 
what is the alternative to this that is being proposed.
    Ms. Lofgren. Are the funds sufficient to bring up the exit 
phase?
    Mr. Walker. I haven't had a chance to look at what funds 
are being proposed by the president in the 2008 budget. We can 
take a look at that.
    Ms. Lofgren. I would appreciate that. That would be very 
helpful to me.
    Mr. Walker. Thank you.
    Ms. Lofgren. Thank you very much.
    Mr. Skinner, you reported that DHS needs to strengthen its 
partnerships with other governmental agencies, but also the 
private sector in terms of IT To what extent has the department 
reached out to the technology industry to integrate their 
concerns, particularly as it relates to protections and 
controls of our IT infrastructure?
    Mr. Skinner. It is something that we haven't done a study 
on, but I tell you that historically we have done a poor job 
there. And the reason--
    Ms. Lofgren. That is what I hear from the private sector.
    Mr. Skinner. Yes, I feel comfortable saying that because we 
do talk to the private sector. Cybersecurity is an area that is 
also of interest to us, and it is something that we plan to do. 
We now have now someone that is--after months and months of 
that job being vacant and as a result, we were just meandering.
    Now we have some leadership in there. I think we need to 
give the individual some time to get his feet grounded. And 
then it is time then to evaluate as to what his plans will be. 
And quite frankly, right now I don't know what they are.
    Ms. Lofgren. Well, in addition to his plans--and I haven't 
had a chance to talk to Greg yet, but hopefully we will soon. I 
mean, I have known him for many years. There is the plan that 
the administration and Congress have adopted that was drafted 
years ago.
    We might want to revisit whether it is still enough or even 
if it ever was enough. But whether we have implemented what has 
already been the marching orders in addition to the legislation 
passed and signed by the president in the 108th Congress. 
Apparently you haven't looked at that yet.
    Mr. Skinner. No, we have not.
    Ms. Lofgren. I don't know what your workload is, but I 
would find it very useful to have some information on those 
points.
    Mr. Skinner. Okay, thank you. And I will try to get that 
information to you. I have our I.T. guru with me today in 
anticipation of the cybersecurity question.
    Ms. Lofgren. Very good.
    I yield back. Thank you, Madam Chairman.
    Mr. Walker. Madam Chair, with your permission, I am more 
than willing to have our managing director for homeland 
security and justice, Norm Rabkin, take my place. I have got a 
meeting with the Senate chair, Joe Lieberman, that I have 
already pushed back an hour, if that is all right.
    Mrs. Christensen. Without objection, we would be happy to 
have that--
    Mr. Walker. He is manager of the Directorate of Homeland 
Security and Justice. He is very familiar with these issues. 
Thank you very much.
    Mrs. Christensen. Thank you. And thank you for your 
testimony and for staying so long with us.
    And, Mr. Skinner, we hope that you will be able to 
continue. We just have a few more members to ask some 
questions.
    Mr. Skinner. Sure, I will be pleased to.
    Mrs. Christensen. And so, the chair now recognizes Mr. Dent 
for 5 minutes.
    Mr. Dent. Thank you, Madam Chairman.
    Mr. Skinner, my question is directed to you. Eight Great 
Lake states have pooled their DHS grant funds to obtain the 
Project Athena technology, which utilizes existing technology 
to perform a complete maritime domain awareness, which helps 
secure the northern border. This project has been tested 
successfully, as I understand it. However, DHS has rejected it.
    Why is DHS rejecting technologies that are already 
available to address pressing security issues in favor of 
waiting for SIB net technologies, which are untested and 
expensive? And I guess my main question is is this an efficient 
use of resources? And do you feel that this is a proper way to 
proceed?
    Mr. Skinner. I am not familiar with the project, nor am I 
familiar with DHS's objections. But I am certainly concerned if 
the DHS is not taking these types of initiatives into 
consideration when they do their overall assessment of what our 
border control needs are. I will be happy to take a closer look 
at this, if you suggest. And I could have our people meet with 
your staff to get more background on this. And we can 
incorporate this into our SBI ongoing review.
    Mrs. Christensen. Excuse me. Could you just for a minute--
would the gentleman from GAO restate his name and title for the 
record, please, before we go ahead?
    Mr. Rabkin. My name is Norman Rabkin, R-A-B-K-I-N. I am the 
managing director for homeland security and justice issues at 
GAO.
    Mrs. Christensen. Thanks.
    You may continue, Mr. Dent. Sorry for the interruption.
    Mr. Dent. I am just a bit perplexed as to why this project 
has been rejected. And so, we really would appreciate some 
follow-up from you and the other folks at DHS to help us 
understand the reasoning behind the rejection.
    Mr. Skinner. Sure. We will be pleased to, sir.
    Mr. Dent. I yield back.
    Mrs. Christensen. Thank you.
    The chair now recognizes Mr. Carney for 5 minutes.
    Mr. Carney. Thank you, Madam Chair. I appreciate it.
    And, gentlemen, thank you for staying and waiting for the 
recess to end so we can get back from voting. I just have a 
couple of questions.
    The first deals with the business transformation office. I 
and I think many in the committee have had a difficult time 
figuring out what the Business Transformation Office does. Can 
you tell me what it does? And more importantly, can you tell me 
what you think it ought to be doing?
    Mr. Skinner. No, I cannot tell you what it does.
    Mr. Carney. Why is that?
    Mr. Skinner. It is just not on my radar screen, quite 
frankly, at this point in time. We are spread so thin that I am 
trying to focus our resources on the big dollar acquisitions, 
Katrina and some major I.T. initiatives that I haven't taken a 
look at that part of the department.
    Mr. Carney. Okay. What was it intended to do? Do you 
recall?
    Mr. Skinner. I beg your pardon?
    Mr. Carney. What was it intended to do?
    Mr. Skinner. No, I don't know.
    Mr. Carney. You don't? Okay.
    Mr. Skinner. Yes.
    Mr. Carney. The second question is--perhaps do you?
    Mr. Rabkin. GAO has done a little bit of work at this. We 
have looked at the extent to which the department has been 
planning and trying to integrate the agencies into a cohesive 
department. The Business Transformation Office had a role in 
that area. And I will be glad to provide more specifics about 
the results of our work.
    Among other things we found, however, that it did not have 
enough authority to carry out any of its plans. And my 
understanding that it has since been disbanded.
    Mr. Carney. Yet it still appears on the organization chart? 
Is that correct?
    Mr. Skinner. I don't believe it does.
    Mr. Carney. Okay. That the office does not exist any more. 
Is that correct?
    Mr. Skinner. It doesn't appear on the organizational chart. 
That is for certain. It may be buried in one of the 
organizations or in the undersecretary of management's office.
    Mr. Carney. Okay, thanks.
    One quick one. As you both know, the department didn't 
score very well on the last OPM survey. And, you know, we are 
very familiar with this now. The departments have had similar 
rankings a couple of years ago as well.
    Can you explain why it didn't improve over 2 years, these 
rankings, you know, and what are we doing to help it improve, 
especially the morale of the employees?
    Mr. Skinner. I really don't want to speculate without 
knowing some real work and doing some follow-up work. But any 
time you have a reorganization like we have just gone through 
at DHS and where we have these very, very different cultures 
coming together, it inherently will create some morale problems 
as to who is going to have primacy or who is going to--the CBP, 
for example.
    Now, who is going to run the office, someone from Customs 
or someone from INS? Same scenario you have over at ICE. Who is 
going to run the field office, someone from INS or someone from 
Customs?
    And that in turn can, in fact, create some morale problems. 
We have done some work in that area and have observed that in 
those two offices. Throughout the rest of the department, it is 
hard to say without doing some follow-up work and delving into 
and looking behind the scenes for the questions.
    Mr. Carney. Do you know if they looked behind the scenes 
after the 2004 survey?
    Mr. Skinner. I do not know if they have not. But I do know 
that Secretary Chertoff and Deputy Secretary Michael Jackson 
and Undersecretary Schneider are all very disturbed by the 
results of this and are going to try to do their best to 
address this issue because it is something that I think they 
were shocked at when they heard it was as low as it was. 
Incidentally, when you break it out organizationally, the OIG 
came out pretty high.
    Mr. Carney. Okay.
    Mr. Rabkin, any insight into this?
    Mr. Rabkin. One of the limitations of the survey is that 
there is not much of a feedback loop from the people filling 
out the survey, the employees, to the head of the agency. GAO 
is a smaller agency. We weren't included in the executive 
branch's survey. We conduct our own survey.
    And we had an 80 percent response rate. And 60 percent of 
the people responding wrote comments directly and 
confidentially to the comptroller general that only he saw. And 
it enabled him to get a good sense as to what the real issues 
were, both positive and negative.
    And I think that that is important to get. It is hard to do 
in an agency the size of DHS for a hundred and some thousand 
people to write comments to Secretary Chertoff.
    Mr. Carney. Sure.
    Mr. Rabkin. It is probably got to be broken up by 
components. But I think it is an important loop.
    Mr. Carney. Have redactive results at least been shared 
with the department to give them some indication of strengths 
and weaknesses?
    Mr. Rabkin. Well, I don't think there was any--I think when 
the survey was done, the people that responded just marked off 
how satisfied they were with various issues, how much they 
agreed with the issues. I don't think there was an opportunity 
for them to provide narrative comments.
    Mr. Carney. Is that a possibility in the future?
    Mr. Rabkin. That is up to OPM. They run the survey.
    Mr. Carney. Thank you.
    Madam?
    Mrs. Christensen. Yield back?
    Mr. Carney. Yes.
    Mrs. Christensen. The chair now recognizes Mr. Green for 5 
minutes.
    Mr. Green. Thank you, Madam Chair.
    And I compliment you on the outstanding job that you are 
doing. Because time is of the essence and Mr. Walker is not 
here, I believe Mr. Rabkin, you are the person that I might 
address my comments to.
    If you will kindly turn to page 16 of the report titled, 
``Management and Programmatic Challenges Facing the Department 
of Homeland Security.'' On page 16--and I will give you an 
opportunity to get there. We are in the first paragraph, 
actually the first complete sentence.
    In addition, TSA has not developed a strategy as required 
for securing the various modes of transportation. That sentence 
causes a great deal of consternation--as required for securing 
the various modes of transportation.
    Who required that the strategy be developed, sir?
    Mr. Rabkin. My recollection is that there is a 
congressional mandate that TSA provide the strategies for not 
just the transportation security generally, but for the various 
modes, aviation, commercial vehicles, rail, et cetera.
    Mr. Green. And the indication is that the strategy, not the 
implementation, but just the strategy itself has not been 
developed. Can you explain why we don't have a strategy 
developed, please?
    Mr. Rabkin. I really can't. We have been waiting for them 
to provide it to us also. You know, I think that is an 
appropriate question to ask the secretary or the assistant 
secretary for transportation security.
    I think it is important for them to identify, as they have 
for aviation, what the federal role is going to be, what the 
private sector role is going to be, what role technology is 
going to play in each of these various modes of transportation 
security, how that we are going to balance the movement of 
passengers and commerce with the need to provide additional 
security. Very important policy questions that are being dealt 
with on an ad hoc basis now. And that is why we are looking for 
the strategy, to lay these things out more specifically.
    Mr. Green. And is there some timeline that has been at 
least addressed or talked about with reference to developing 
this strategy?
    Mr. Rabkin. There was a timeline that--Congress asked for 
this information in a specific time. That has passed. And I am 
not sure what the current expectations are.
    Mr. Green. Let me go quickly to one other point. Early on 
there was talk of persons having to have supervisors present 
when you were quizzing witnesses and having to have the general 
counsel to peruse documents before these documents could be 
accorded you. Is this correct?
    Mr. Rabkin. That is right. And with the documents, it is a 
routine matter that we ask for documents. They are gathered by 
DHS program officials. They flow through their liaisons to 
their lawyers before they are provided to us. In selected cases 
where we have asked to interview agency officials, the office 
of general counsel has had its representatives at those 
meetings.
    Mr. Green. My concern is with getting all of these things 
done. So my question to you is what can we do to assist you in 
getting these done. Obviously not timely, because we have 
already gone beyond the timeline originally accorded. What can 
we do? Or is there something you would have us do?
    Mr. Rabkin. In the case of the transportation security 
strategies for the modes of transportation, I think that that 
is an issue that, you know, the Congress and this committee can 
take up with the department to explore just what the problem 
is, whether there is a difference of opinion within the 
administration, whether the administration is trying to work 
out issues with the private sector that plays a significant 
role in implementing these strategies. There could be a number 
of reasons for that.
    In terms of the access issues, I think that continued 
support of the committee in terms of communications with the 
department and, you know, support of our work is important. 
And, you know, in the end, we are trying to deal with the 
department as best we can balancing, you know, our needs to 
satisfy you as our client with their needs to maintain some 
control over what they give us. But in the end, I think it is--
    Mr. Green. Because my time is almost up--I have about 10 
seconds--let me just say this. In this post-9/11 era, not 
having a strategy, if something should happen, God forbid that 
it does. No one wants it to happen, but people think that 
things may happen.
    I think that the American population, the citizenry will 
find that we have not done all that we should do. The people 
are not going to be pleased knowing that a strategy has not 
been developed, not the implementation, just the mere 
development of the strategy. This causes a lot of concern.
    Thank you. I yield back.
    Mrs. Christensen. Was that a statement or a question? Thank 
you. Your time is expired.
    The chair next recognizes Congresswoman Sheila Jackson Lee 
for 5 minutes.
    Ms. Jackson Lee. Might I thank the chair very much for her 
leadership and thank Mr. Skinner and the representative from 
GAO for your presence here today.
    Let me suggest that anguish is bipartisan. And I want to 
pose some questions that have been offered by my colleagues on 
the other side of the aisle. I have lived with this Border 
Patrol debacle as well. This is the incident occurring in the 
state of Texas about two Border Patrol agents. I think our 
record is clear in this committee.
    Last year we offered an amendment over and over again to 
provide resources, power boats, computers, night goggles for 
our Border Patrol. There is no questioning of our commitment to 
the Border Patrol agency. Many of us on this committee, 
Chairman Thompson and others, have walked along the border, 
Arizona, California, Texas, and we have seen the hard work and 
the difficult work that they have done.
    Here is my frustration. My frustration is that we have 
erred on the side of lacking in giving the agency the kind of 
professional level it needs in terms of funding, in terms of 
professional development, in terms of promotion.
    And, Inspector Skinner, I would appreciate you speaking to 
that issue. And then I would ask--we know there is now a copy 
that has been made public of this incident. I believe that we 
have not had as full an investigation as we should.
    I believe the Department of Justice should be engaged in 
that investigation. And maybe this report has a combination of 
such. But before we begin to say what was covered or not, we do 
know that individuals in the line of duty have now been charged 
criminally.
    That sets a very bad tone for others on the front line. And 
so, it is important that we make sure that every stone needing 
to be turned has been turned to assure the full briefing and 
the full fairness of the particular individuals involved.
    I happen to be a trained lawyer and served as a municipal 
court judge and understand probable cause. And so, when I hear 
the representation that prosecutorial discretion, we all know 
that that is not a perfect system. And so, I don't know whether 
that was the best direction to take. But I do know that our 
Border Patrol agents are suffering from lack of training and 
let me say lack of professional development and lack of growth.
    My second question is--and I am sorry, you do not have a 
name in front of you, so please excuse me. I know that I didn't 
write it down. But I want to know whether or not the general 
counsel and the Homeland Security is blocking to the extent of 
obstruction of justice when the comptroller's office is asking 
for documents to help us understand what is occurring in DHS 
with respect to contracts, with respect to the fraudulent 
utilization of money or the lack of oversight over the huge 
dollars that have gone out on Katrina.
    And my last point is is that we still have the victims of 
Katrina and Rita suffering. And it seems to appall me that we 
are now going to burden college students and others asking them 
for reimbursement for mistakes that FEMA has made.
    And I yield to you, Mr. Skinner, on those three points.

       Prepared Statement of the Honorable Sheila Jackson Lee, a 
           Representative in Congress from the State of Texas

    Mr. Chairman, I thank you for holding this hearing today regarding 
the enormous internal challenges facing the Department of Homeland 
Security. I would also like to welcome the individuals testifying 
today, Mr. David Walker and the Honorable Richard Skinner, to help 
enlighten us on this important issue.
    Of greatest concern to me is the department's designation as ``high 
risk'' by the Government Accountability Office since 2003, and the 
seemingly minimal progress made to correct that ever since. Incredible 
structural problems exist on every level, from financial statements to 
the management strategy to the integration of personnel. While it 
appears that some progress may have been made in the establishment of 
technology standards and the implementation of its human capital 
system, the DHS has not demonstrated sufficient efforts to correct its 
problems as a whole.
    First and foremost, the DHS has not submitted a comprehensive 
corrective action plan to the GAO--the first and most basic step toward 
being removed from the GAO's high risk list. In addition, the 
Department's operations lack transparency and are generally unreceptive 
to the GAO's attempts at oversight. This is entirely unacceptable and 
must be corrected.
    Epsecially after FEMA's embarrassing failures to handle the crises 
of Hurricanes Katrina and Rita, we must see an increase in efforts to 
correct departmental problems for the future. As the representative of 
a district providing tens of thousands of housing units to Katrina 
refugees, I am interested in learning about what more must be done to 
correct the continued shortcomings.
    As a Whole, issues regarding the control, coordination, and 
management of finances are of great concern to me. Department-wide 
efforts to address these deficiencies began much later last year than 
anticipated by the Office of the Inspector General. Financial oversight 
should be a top priority for the DHS. We must ensure that the American 
people's tax dollars are used appropriately and efficiently.
    As chair of the Subcommittee on Transportation Security and 
Infrastructure Protection, I am most interested in hearing the 
witnesses' testimony on these topics. I am pleased that the TSA has 
been successful in implementing the Aviation and Transportation 
Security Act, but further improvements in luggage screening are needed. 
In addition, the management of security in rail and mass transit still 
requires a great deal of work, and I look forward to hearing the 
witnesses' recommendations on this issue.
    Thank you Mr. Chairman, and I yield the balance of my time.

    Mr. Skinner. Thank you. The first part of your question 
dealt with the equipping our Border Patrol agents so that they 
can get the job done.
    Ms. Jackson Lee. And the incident that has now found two 
convicted. Isn't it more on our side of lack of training, more 
professional development and a more full investigation?
    Mr. Skinner. I would welcome any other investigation to 
look at how we conducted our review. I would like to make it 
perfectly clear that we are just an investigative arm. We did 
not prosecute, nor did we influence or were involved in the 
verdict.
    Ms. Jackson Lee. That is true. Yes.
    Mr. Skinner. To set the record straight, we did not 
investigate Compean and Ramos. We investigated like a shooting 
incident. We investigate all shooting incidents.
    Ms. Jackson Lee. Whether the procedures were correct.
    Mr. Skinner. Those are the procedures. Those are the 
requirements. So when we investigated, we investigated this 
shooting incident. We learned through that investigation that 
there were 11 Border Patrol agents involved in this shooting 
incident.
    We pulled together all the evidence that we had to the best 
of our ability. We brought that to the U.S. attorney. The U.S. 
attorney reviewed the evidence that we brought to him and made 
a decision to prosecute two individuals.
    Actually, our investigation demonstrated there were five 
people that were involved in some wrongdoing. The prosecutor 
opted to investigate two of those based on the evidence we 
brought to him. In the other three cases, we referred that to 
the department for their disciplinary action. Those people have 
received notices of removal.
    Ms. Jackson Lee. And you would welcome any other 
investigation that might put this right, if you will, or might 
add some more light on the subject?
    Mr. Skinner. Yes, I would welcome anyone to come in and 
investigate.
    Ms. Jackson Lee. Well, that is a very positive step forward 
because I am going to be asking for expanded investigations on 
this issue.
    Mr. Skinner. Because I am very confident in the work of our 
agents.
    Ms. Jackson Lee. I had two other questions. I know the 
chairwoman is indulging me, but if you would.
    Mr. Skinner. The other dealt with do they need training.
    Ms. Jackson Lee. Is the general counsel of DHS obstructing 
justice by denying various agencies information that they need 
to investigate fraud, abuse in terms of the process and the 
issues that we in Congress are concerned about, contractual, if 
you will, failure in our contractual contracts that are being 
made?
    Mr. Skinner. Our concern is not with the denying us 
information. It is the delays that are caused by the general 
counsel having to review the documents before they are released 
to us. And I realize that in certain situations delay becomes 
denial.
    And we are trying to be aggressive with the department and 
our clients in keeping them posted here--our clients on the 
Hill--keeping them posted on the developments. So we are not at 
the point yet to say that we are being denied access.
    We have various methods of legal recourse and a few 
administrative steps before we get to use them. And we haven't 
gotten that far yet. It is just getting to the point of being 
very frustrating. We have been dealing with the department on 
this and haven't made very much progress, which is why we just 
wanted to bring it to your attention.
    Ms. Jackson Lee. I thank the chair.
    Mrs. Christensen. The gentlelady's time is expired.
    If I have some time left over, I will yield back to you.
    Ms. Jackson Lee. Thank you.
    Mrs. Christensen. My questions are very brief. I am going 
to use up my 5 minutes at this point.
    And I want to thank both agencies for the work that they do 
and the great service that you provide to this committee and I 
am sure other committees so that we are better prepared to 
provide the oversight with which we are charged.
    I will ask Mr. Rabkin first. In Comptroller General 
Walker's statement, he said that DHS continues to face 
challenges balancing its homeland security mission with its 
disaster preparedness and response mission. And as someone who 
comes from an area of the country that is prone to hurricanes--
although most parts of the country seem to be these days--
because of past experiences we have come to rely on FEMA, not 
only to help us recover, but to prepare for those disaster 
events.
    Given the experience of the department responding to 
Hurricane Katrina and even Rita, are you familiar with any 
corrective planning under way in the department that would 
allow them to more effectively balance the security of 
terrorist prevention mission with the disaster preparedness and 
response mission?
    Mr. Rabkin. I think it is getting to the point where the 
department--I think most people recognize that to be prepared 
to respond to any kind of hazard requires the same kinds of 
capabilities and capacities in the first responders locally, 
the state level and the federal level. There is very little 
difference whether a disaster was caused by nature or caused by 
humans. And people who respond to that, as I say, need 
basically the same capabilities.
    And I think FEMA and DHS recognize that, are trying to 
identify, you know, what level is needed, how people can in 
regional response can help each other so everybody doesn't need 
to have duplicate capabilities that might be inefficient. So I 
think they are moving in the right direction. I think they have 
learned a lot of lessons.
    Mrs. Christensen. Somewhere in one of the statements--I 
believe it was still in Mr. Walker's statement--it spoke to 
clarifying the scope of an authority between certain titles in 
FEMA in particular, I think. And I remember when I met with the 
federal coordinated officer and the other person for my region, 
it was still confusing to me and to them. Do you know if they 
have made any progress in clarifying the authority and the 
responsibility of each of those offices, who reports to who and 
how that is coordinated?
    Mr. Rabkin. Yes, they have. I think that is another one of 
the lessons that FEMA has learned. And they have clarified the 
responsibilities, both based on the Stafford Act, what is 
required in the Stafford Act in terms of responding to 
disasters as well as the interactions among the federal 
agencies. You know, whether it is going to work or not is 
another story. But I think at least on paper they have 
recognized the differences.
    Mrs. Christensen. Mr. Skinner, just one brief question. Is 
there one financial management system for the entire 
department?
    Mr. Skinner. No.
    Mrs. Christensen. And why?
    Mr. Skinner. I believe we have at least seven.
    Mrs. Christensen. Is that a goal, to have it all be under 
one--you talked about the difficulty in monitoring their 
finances.
    Mr. Skinner. Yes, there was discussions earlier on. And I 
think when they were exploring with e-merge and e-merge II they 
were looking to the feasibility of developing one financial 
management system that can accommodate everyone. I don't think, 
quite frankly, it is necessary or needed to invest in the 
development of one financial system that will cover everyone in 
the department.
    We have some very good financial systems out there. CBP has 
an excellent financial system that they use. And as a matter of 
fact, they got an unqualified opinion. ICE, the platform on 
which--their financial system is very good. It needs to be 
tweaked. People need to be trained.
    TSA has just transitioned over to the--to use the platform 
over at the Coast Guard. I think with some tweaking we can use 
that system, minimal investment.
    The important thing is to have the capability when these 
individual components prepare their financial statements that 
we have a capability within the office of the CFO to be able to 
bring that information in and prepare consolidated financial 
management statements and also to prepare financial management 
data that can be used to make informed decisions. That is where 
we are really lacking right now, is not the need to create one 
system, it is the need to provide the resources to bring it 
together.
    Mrs. Christensen. Thank you.
    At this point, I believe that Congresswoman Jackson Lee had 
one more question.
    Ms. Jackson Lee. Yes.
    Mrs. Christensen. I would recognize you for a second round.
    Ms. Jackson Lee. I thank the distinguished chairwoman for 
her kindness. And I am just going to pursue the line of 
questioning that I had before because, Mr. Skinner, I had to 
cut you off, Inspector General, and I had to cut the 
distinguished gentleman off because of the time.
    I want to make it very clear that this issue of the Border 
Patrol agents is a bipartisan issue. The majority worked very 
hard to, I think, answer the professional development questions 
in the last Congress. And we intend to do it again, which is 
provide all the needs of training, professional development and 
growth. And that is part of what DHS is responsible for. And I 
would appreciate it if you delve into that just a little bit.
    On the other hand, I am going to officially ask that the 
Department of Justice, which you are not the inspector general 
for--I am going to take your leeway, if you will, certainly not 
your instruction, but your leeway that we have an additional 
investigation. And the issue, of course, is because you made it 
very clear. And I am glad you put it on the record.
    You did not prosecute. You did not indict. You did an 
investigation, provided information. And the others who were 
engaged or involved you decided to handle it administratively, 
or as I understand it, they will be handled administratively, 
firing or suspension.
    That was not--the actions that you had were not 
prosecutorial actions. And I think that should be made clear, 
that DHS was not. And so, DOJ has to give us an explanation of 
why the prosecuting attorney moved so quickly on this and did 
not have either some of the relief. For those who are not 
familiar, it is difficult to understand why this drastic action 
was taken when there was so much hearsay involved in this 
matter.
    I am going to leave that question. And then I do want to 
raise the question again. And you made the very appropriate 
civil rights phenomena, which is justice delayed is justice 
denied. I would appreciate the comptroller general and your 
office getting back to the committee to let us know--and you 
indicated--but quickly when it becomes justice denied.
    I am very concerned about that. And I believe with this 
huge mounting bill of fraud and the frustration of the American 
people and their tax dollars being unaccounted for that we 
really need to move quickly to get to the bottom of the massive 
contracts and as well. Because I don't know why we are so 
contracted out. I believe there are talented public servants 
who can work for DHS.
    And my last point--and this is a repeat, but I would like 
you to expand on it. There is the desire--because I sound like 
I may be duplicitous in my remarks--to ensure the protection of 
American tax dollars. But there are victims in Hurricane 
Katrina.
    So rather than going after the big contractual abuses, we 
are now going to try to ask college students to pay back for 
some misstep or mistake that we have made. I would like some 
explanation as to who are we going after. We have made paper 
mistakes, as I understand, out of FEMA and DHS. And I 
understand there is some effort to go back and get individual 
$25 and $500, which to me sounds outrageous when we have 
massive concerns about large contractors who are spending huge 
amounts of money.
    I understand one contractor has $19 million in travel 
expenses. That is ridiculous. One of the programs that needs to 
be investigated is the road home. But let me just end so that 
you can answer on making sure that we focus on professional 
development and training for our Border Patrol agents and then 
to understand this situation about trying to get reimbursement 
from people who are already victims.
    And you might be the quickest answer. Will you please 
advise us when it becomes justice denied on this refusal of 
giving you documents?
    Mr. Rabkin. We certainly will.
    Ms. Jackson Lee. All right. Thank you.
    Mr. Skinner?
    Mr. Skinner. The concerns you are raising about the hiring, 
the training--
    Ms. Jackson Lee. Yes, that is what we should be focused on.
    Mr. Skinner. That is something that we are also very 
sensitive to. The reason being last year, this year, and next 
year we will be doing tremendous amount of hiring to beef up 
our capabilities along the border with Border Patrol agencies. 
And therefore, in order to ensure that we are doing it right, 
that we are bringing the right types of people to the job, that 
we are adequately training these people to do the job, and that 
we are adequately equipping them to do their job, that is a job 
that we currently have ongoing.
    And it will be something that will be a continuing process. 
We will probably end up issuing a series of reports over the 
next 1 to 2 to 3 years as we build up our capability along the 
border in addition to the work we are doing with SBInet.
    With regards to the--
    Ms. Jackson Lee. Alleging that individuals got money 
fraudulently and seeking to get it reimbursed. Many of these 
are victims. All of this was paperwork, mistakes on behalf of 
the agency and not these individuals.
    Mr. Skinner. Yes, I agree wholeheartedly. We should not be 
going after victims. And I don't care whether it is $200 or 
$2,000. If they are, in fact, eligible for that assistance, 
there is no reason that we should be changing the rules after 
they receive the money and asking for it back.
    I am not aware that FEMA or anyone else is suggesting that 
we go back and seek refunds from those that received it 
properly, or at least thought they were receiving it properly.
    Ms. Jackson Lee. I think that is the key, thought they were 
receiving it properly is really where we find some of these 
victims.
    Mr. Skinner. Because the process does allow for appeals and 
allows you to present your case. You are right. We have major 
procurement fraud out there that needs our attention.
    Ms. Jackson Lee. Absolutely.
    Mr. Skinner. I cannot be spending all of our resources, 
very, very limited resources, following up on $2,000 cases for 
the next 2 or 3 years.
    Ms. Jackson Lee. I appreciate that.
    Mr. Skinner. And we will be focusing on those large public 
procurement, public corruption type cases, procurement cases 
where there is large dollar value. We will be looking at the 
actions that FEMA has taken to identify those people that may 
have received funds improperly and what procedures they have in 
place to try to obtain refunds for those victims.
    The important thing is that is in the past. And we could 
spend hundreds and hundreds of thousands of dollars trying to 
recover $2,000 or $3,000. What we really need to focus our 
attention and our resources and our finances on are the 
internal controls to ensure that this does not happen again and 
that when we give someone a check, we know we are giving it to 
an eligible recipient.
    Ms. Jackson Lee. I want to thank the chairwoman for her and 
I want to thank the witnesses for their kind indulgence. I want 
to thank the chairwoman for her indulgence and might offer that 
we have a full committee hearing on these questions of 
procurement and also this whole issue dealing with the Border 
Patrol agents. I thank the gentlelady for her kindness.
    Mrs. Christensen. You are very welcome, Congresswoman 
Jackson Lee.
    Mr. Green, did you have a further question?
    Mr. Green. Actually, I will since the offer has been 
extended.
    Mr. Skinner, with reference to the Border Patrol agents, 
who were the witnesses, if you know, that testified in that 
case other than perhaps the person who was shot?
    Mr. Skinner. Like I said, when we investigated the 
incident, we identified at least 11 people that were involved, 
directly, indirectly or aware of or should have been involved 
in that shooting. Those individuals, I believe, all became 
witnesses. Three of those individuals were granted immunity 
from prosecution--these were CBP agents--for their testimony. 
There may have been others. I don't have a recollection exactly 
of all the people that provided testimony and evidence in that 
particular trial.
    Mr. Green. And you said CEP agents?
    Mr. Skinner. CBP. I am sorry. Customs and Border. I have 
been cautioned not to use acronyms before. Customs and Border 
Patrol agents.
    Mr. Green. And is it your testimony that these witnesses 
testified on behalf of the defense or the state?
    Mr. Skinner. I believe these individuals testified for the 
state for the prosecutor.
    Mr. Green. Thank you.
    I yield back.
    Mrs. Christensen. Thank you.
    I want to take this opportunity to thank the witnesses for 
their valuable testimony and the members for their questions.
    The members of the committee may have additional questions 
for the witnesses in writing. And we ask you to respond 
expeditiously in writing to those questions.
    Hearing no further business, the committee stands 
adjourned.
    [Whereupon, at 3:55 p.m., the committee was adjourned.]


  APPENDIX: RESPONSE TO SUPPLEMENTAL QUESTIONS FROM THE COMMITTEE ON 
                           hOMELAND SECURITY

                              ----------                              


   Responses from the Honorable Richard L. Skinner, Inspector General

    Question 1.: Please explain why DHS has been unable to produce a 
clean financial statement for the entire Department?
    Response: DHS management is unable to assert that the consolidated 
financial statements are reliable, primarily because they are unable to 
reconcile their intergovernmental accounts, such as Fund Balance with 
Treasury, or their assets (property, plant and equipment). The American 
Institute of Certified Public Accountants and Government Auditing 
Standards refer to this situation as a restriction on the scope of the 
audit, and therefore the auditors are unable to render an opinion. In 
addition, the financial statement audit report for 2006 lists several 
other reasons why the department cannot get a clean opinion:
         DHS' Office of Financial Management is unable to 
        reconcile legal liability
         Transportation Security Administration (TSA) is unable 
        to prepare financial statements.
         Federal Emergency Management Agency (FEMA) and the 
        Bureau of Immigrations & Customs Enforcement (ICE) are unable 
        to adequately and accurately support obligations and accounts 
        payable.

    Question 2.: In addition to the Department's problems in carrying 
out its responsibilities in implementing SBInet and the National 
Security Cutter programs, are there any particular programs you would 
like to bring to our attention as likely to present special challenges 
for DHS?
    Response: Our body of work to date has not identified programs 
similar to CBP's SBInet and Coast Guard's Deepwater programs. As our 
work progresses and similar challenges are identified within the 
department, we will bring those programs to your attention.

    Question 3.: Please explain how personnel and morale problems such 
as those highlighted in the recent Office of Personnel Management 
report, which highlighted the morale problems among employees at DHS, 
have affected DHS's ability to accomplish its mission.
    Response: In a January 31, 2007, message to all DHS employees, the 
Deputy Secretary wrote to assure all employees that, starting at the 
top, the leadership team across DHS is committed to address the 
underlying reasons for DHS employee dissatisfaction and suggestions for 
improvement. The Deputy Secretary stated that the Under Secretary for 
Management, Paul Schneider, will join the Secretary and Deputy 
Secretary in evaluating carefully the details of the OPM survey. The 
first steps will be to analyze thoroughly the survey data, including 
specific attention to those government organizations that are 
recognized for their high performance in these areas, and determine the 
specific steps to improvement. According to the Deputy Secretary, this 
process will include the leadership team in each operating component 
and every headquarters unit to discuss details of the survey with our 
workforce. The Deputy Secretary committed to these tasks with a sense 
of urgency and seriousness.
    DHS OIG has not conducted any work in this area, and cannot report 
directly on the effect that personnel and morale problems have on DHS' 
ability to accomplish its mission.

    Question 4.: Please provide information regarding investigations of 
DHS's failure to build internal capacity while outsourcing many of its 
responsibilities. In particular, please explain the extent to which DHS 
over-relies on contractors to fill employee vacancies.
    Response: We have several ongoing reviews that are looking at DHS' 
internal contract oversight capacity, and will report on those projects 
as work is completed. We have not conducted any work in the areas of 
contractors filling employee vacancies, and cannot report directly on 
the extent that DHS over-relies on contractors to fill employee 
vacancies.

    Question 5.: Please explain any and all concerns regarding DHS's 
failure to set sufficient requirements for ``solutions based'' 
procurement contracts. Also, please explain whether there is sufficient 
monitoring for the contractors who win these awards.
    Response: The common term is a ``performance-based contract,'' 
wherein the government describes its needs in terms of what is to be 
achieved, not how it is to be done. One appeal of performance-based 
contracting is that it allows the government to focus on identifying 
needs, objectives, and constraints and allows private sector to focus 
on developing a business proposal to meet the needs and objectives. The 
contracting approach shifts from looking for the low cost, technically 
acceptable solution to looking for the best-value solution, which is 
often more innovative than the traditional approach. To determine best 
value, the government must measure performance trade offs and the cost-
effectiveness of the various proposed solutions.
    Oversight in specifications-based (traditional) contracting is a 
matter of determining whether or not the contractor complies with the 
explicit terms of the contract. In performance-based contracting, 
oversight is a matter of determining whether the contractor's solution, 
when complete, will meet the mission needs specified in the contract. 
Oversight focuses on program performance and improvement from a defined 
baseline, not contract compliance.
    Performance-based approaches, such as Statements of Objectives, 
require the government to have stronger management and control 
capabilities than traditional contracting. Before the government 
selects a contractor and agrees on compensation, the government must be 
able to articulate program needs. The government must be able to 
evaluate each proposal's likelihood of achieving the program needs, on 
time, and at a reasonable cost. It is in this area that we have raised 
concerns regarding two major acquisition activities currently underway, 
Deepwater and SBInet. In these cases the projects were initiated 
without adequate project management capabilities in place. In both 
cases, management now appears to be moving towards improving their 
project management capabilities.

    Question 6.: Please provide procedures and studies regarding the 
adequacy of safeguards DHS has in place to enable small, minority and 
disadvantaged businesses to have a fair chance in the procurement 
process.
    Response: We have not conducted any work in the area of small, 
minority, and disadvantaged businesses, and therefore cannot report 
directly on the safeguards DHS has in place to ensure fairness in the 
procurement process for these businesses.

    Question 7.: How many vacancies does DHS have and does it have 
sufficient funding to hire the staff it needs?
    Response: We have not conducted reviews of DHS staffing, vacancies, 
or hiring practices. Therefore we cannot report directly on DHS' 
funding to fill its vacancies.

    Question 8.: Please provide information regarding any studies that 
indicate that continuity of employees is an important factor in 
organizational function and institutional memory? Also, please explain 
the extent to which the widespread use of contractors cause continuity 
problems within DHS?
    Response: We have not conducted any work in the area of continuity 
of employees, institutional memory, or the effect that the use of 
contractors has on continuity problems, and therefore cannot report 
directly on the importance of these factors on organizational function.

    Question 9.: Please provide information regarding the extent to 
which the Directorate of Management needs to be reorganized or even 
eliminated.
    Response: We have not conducted a review of the Management 
Directorate, and therefore cannot report directly on any reorganization 
or realignment issues.

    Question 10.: Please provide us with the current functions of the 
Business Transformation office. Provide examples of models that would 
be suitable to further DHS's migration.
    Response: We have not conducted a review of the Business 
Transformation Office, nor on any models for organization 
transformation or migration. Therefore, we cannot report directly on 
the suitability of the Business Transformation Office or any 
alternative.

    Question 11.: Why do you think DHS ranked at the bottom of the 
just-released OPM survey of job satisfaction among federal employees 
and made so little progress in two years since OPM's previous survey? 
What does DHS need to be doing now so that it improves two years from 
now?
    Response: Some aspects of the challenges facing DHS were inherited 
by the department from its legacy agencies. However, the complexity and 
urgency of DHS' mission have exacerbated the challenge in many areas. 
These management challenges significantly affect the department's 
ability to carry out its operational programs and provide the services 
necessary to protect the homeland. The department's senior officials 
have indicated the importance of addressing these challenges and have 
identified plans to address them.

    Question 12.: What steps have FEMA and DHS taken to resolve the 
problems in FEMA's automated payment system, which uses out-dated 
technology and, thus, had limited expansion capability to support 
catastrophic disaster like Katrina?
    Response: We understand that FEMA has contracted for an independent 
analysis of its financial management system to address the system's 
limitations. FEMA recently solicited proposals to perform a 
requirements analysis of the functions and associated components of its 
financial management system and to determine the best solution for 
replacement. The analysis should determine whether one of the DHS 
designated `Centers of Excellence' (Coast Guard, FLETC, Secret Service, 
or CBP) is the best fit, or whether FEMA should have an independent 
system to support the unique and surge requirements for the disaster 
assistance missions. The contract was awarded the first week of 
December 2006 and a final recommendation should be provided in April 
2007. We will monitor FEMA's progress.

    Question 13.: Please explain the extent to which FEMA has acted on 
the numerous GAO recommendations for addressing significant fraud, 
waste, and abuse in FEMA's Individuals and Households Program (IHP) and 
in Department of Homeland Security's purchase card program.
    Response: IHP: FEMA officials agree that more stringent controls 
are preferable on the front end, but contend that the sheer magnitude 
of the event dictated proceeding in the manner the agency did because 
there was no time to develop and test additional front end controls. 
FEMA has taken steps to implement new controls to limit fraud, waste, 
and abuse. They have implemented an automated identity and occupancy 
verification system to confirm identity and residency of applicants 
registering for assistance. They continue to evaluate and strengthen 
controls pertaining to identity, residence type, and cross-disaster 
applicant checking.

Other controls implemented include:
         Internet registration application that disallows 
        duplicate registrations was implemented in October 2005.
         Identity proofing added to call center registration 
        application in February 2006.
         Amended automated scripts ensuring no scripted 
        payments sent to applicants who fail identity proofing.
         All applications taken through call centers from 
        August 2005 until February 2006 have been sent to contractor 
        for identity proofing to detect potentially fraudulent 
        applications and route for recoupment processing.
         Real-time interaction between FEMA Service 
        Representative and applicant during registration to ensure any 
        failed identity check is correct before accepting application.
         In June 2006, will add verification of occupancy and 
        ownership to registration process.
         Flagging at-risk social security numbers to identify 
        potential fraud.
         Developing state-of-the-art software to maintain data 
        on applicants in mobile homes and communicate real-time to 
        caseworkers and auto-determination system to prevent potential 
        overpayments.
         System no longer accepts a Post Office Box as address 
        of damaged dwelling.
    Purchase Cards: In July 2006, our office in conjunction with GAO 
conducted a review of control weaknesses regarding purchase chards. We 
reported a weak control environment and breakdowns in key controls 
exposed DHS to fraud and abuse in its use of the purchase cards and 
recommended that DHS improve the processes and internal controls over 
its purchase card program. We will continue to monitor progress in 
respect to Purchase Cards.

    Question 14.: Has DHS begun to address any of GAO's seven 
recommendations for improving DHS's oversight of cash advance funding 
for first responder grants and associated interest liabilities? If so, 
please explain how DHS is addressing these, including the 
recommendation that urges the Department to identify the significant 
issues that have resulted in delays in the drawdown and disbursement of 
DHS grant funds?
    Response: The Office of Grants and Training is preparing an action 
plan to respond to the to the GAO recommendations, however, the 
response is not yet final. While the office is already working on 
implementing some of the recommendations, the pending reorganization 
may affect the offices assigned responsibility for the recommendations 
and issues.

    Question 15.: As a result of the creation of Homeland Security in 
2003, legacy INS and legacy Customs Special Agents were merged to 
create the U.S. Immigration and Customs Enforcement agency. Customs 
agents previously enforced over 400 federal laws and immigration agents 
enforced laws pursuant to the Immigration and Nationality Act (Title 
8). It appears that ICE agents are heavily focused on immigrations 
investigations such as worksite enforcement. What measures are being 
taken to insure a continuity of enforcement from both legacy missions?
    Response: We have not specifically reviewed what measures are being 
taken to insure continuity of enforcement from both legacy missions. 
However, in our report, An Assessment of the Proposal to Merge Customs 
and Border Protection with Immigration and Customs Enforcement, OIG-06-
04, November 2005, we addressed several coordination challenges 
confronting Customs and Border Protection (CBP) and Immigration and 
Customs Enforcement (ICE). We made 14 recommendations to overcome 
interagency coordination and integration challenges confronting both 
components. Those recommendations covered four areas, including:
        1. Defining and communicating roles and responsibilities with 
        respect to policy and operational coordination between the 
        Department of Homeland Security (DHS) headquarters, CBP, and 
        ICE;
        2. Conducting integrated planning and coordination of policies 
        and resources;
        3. Reviewing, developing, and implementing policies and 
        procedures to improve and enhance operational coordination 
        between CBP and ICE; and
        4. Providing oversight and implementing metrics and performance 
        measures to ensure that the actions and initiatives taken or 
        proposed achieve intended results.
    In April 2006, the DHS Deputy Secretary responded by outlining the 
activities and programs the department intends to implement to address 
the 14 recommendations we made to improve coordination between CBP and 
ICE and enhance interoperability at the field level.
    In June 2006, we began a follow-up review of DHS' progress in 
addressing coordination challenges between CBP and ICE. DHS has made 
significant progress toward improving coordination and interoperability 
between the two components. For example, DHS made organizational 
changes with the department, including creating the Offices of Policy, 
Operations Coordination, and Intelligence and Analysis. Senior 
officials of CBP and ICE created the ICE-CBP Coordination Council to 
provide a forum to address CBP and ICE policy and operational 
coordination issues. In addition, the department established the Secure 
Border Initiative and Border Enforcement Task Forces.
    However, additional work is necessary. Most notably, CBP and ICE 
can address the remaining challenges by placing increased emphasis on 
(1) improving communication between CBP and ICE headquarters elements 
and all levels of field personnel; (2) improving intelligence and 
information sharing; (3) strengthening performance measures; and, (4) 
addressing ongoing relational issues among some elements of the two 
components. We anticipate releasing a final report by April 2007.

    Question 16.: What hurdles exist in getting the Transportation 
Sector Specific Plan that was due over two years ago finalized and 
published?
    Response: We have not conducted any work in the area of the 
Transportation Sector Specific Plan, and therefore cannot report 
directly on any hurdles to finalizing and publishing the plan.

    Question 17.: In October of last year GAO sent a letter titled 
Combating Nuclear Smuggling: DHS's Cost-Benefit Analysis to Support the 
Purchase of New Radiation Detection Portal Monitors Was Not Based on 
Available Performance Data and Did Not Fully Evaluate All the Monitors' 
Costs and Benefits to the chairmen of both the House and Senate 
appropriations committees. Has there been any activity in the Inspector 
General's office to look at DNDO's cost-benefit analysis and if so what 
are you finding?
    Response: We met with Government Accountability Office (GAO) 
officials in November 2006 to leverage information obtained on 
previously conducted Domestic Nuclear Detection Office (DNDO) work, 
such as the letter you referenced, and have mitigated our review 
efforts of DNDO for potential overlap with current and future GAO 
engagements. GAO officials said they would be conducting additional 
work on DNDO's cost-benefit analysis to determine whether it provides a 
reliable basis for making major procurement decisions, such as whether 
to invest heavily in deploying a new portal monitor technology.
    On December 20, 2006, we initiated a review assessing the DNDO's 
progress in integrating detection and response capabilities. We are 
examining DNDO programs and initiatives to support the integration of 
domestic nuclear and radiological detection, notification, and response 
systems, including DNDO's coordination efforts with other federal 
agencies and state governments. In addition, we will evaluate whether 
DNDO's programs overlap or duplicate those of other federal agencies 
with nuclear/radiological detection responsibilities. An evaluation of 
other governmental and nongovernmental entities with nuclear detection 
and response responsibilities is not within the scope of this review. 
We anticipate releasing a final report by July 2007.

    Question 18.: As the government agency charged with securing the 
nation's critical cyber infrastructure, how is DHS supposed to provide 
adequate leadership to the nation's critical infrastructure owners when 
the Department itself continues to receive failing grades on securing 
its own critical infrastructure?
    Response: In September 2006, the first Assistant Secretary for 
Cyber Security and Telecommunications (CS&T) for DHS under the 
Preparedness Directorate was appointed. Under this leadership, the 
National Cyber Security Division is working collaboratively with public 
and private sector entities to secure the nation's cyber 
infrastructure. We are currently finalizing our second review of NCSD 
operations and will be issuing our report in May 2007. While CS&T is 
leading the movement in securing the nation's critical infrastructure, 
the DHS Chief Information Security Officer (CISO) continues to improve 
DHS' own critical infrastructure by ensuring that its components are 
complying with FISMA requirements. The CISO continually monitors and 
reports on the status of each component's FISMA scorecard to ensure 
that all aspects of the information security program are being 
achieved.

    Question 19.: What steps have the Department taken to resolve flaws 
in the way that FISMA evaluations are performed and what steps remain?
    Response: DHS is developing an information security program that 
standardizes the processes that its components must follow to ensure 
that all FISMA standards and requirements are being met. As 
illustration, the department first established its system inventory and 
the continued updating of that inventory. Subsequently the department 
undertook the goal to certify and accredit each of its systems. The 
department is now focusing on the quality of its plan of action and 
milestones and also of the systems certification and accreditations 
performed. The department continues to mature its security program and 
to review the quality of all of its FISMA processes.
    The OIG has not conducted a complete evaluation of how the 
department performs its own evaluations of FISMA compliance at the 
department level and at each of its components. The OIG will review the 
quality of the department's FISMA processes during its annual FISMA 
evaluations.

    Question 20.: What is your office doing to ensure that the problems 
that existed with regard to improving laptop computer security, prior 
to Jay Cohen's appointment as the Science and Technology Directorate 
Under-Secretary are addressed? Specifically, what is your office doing 
to oversee S&T's efforts to develop a mature business model and prudent 
project management practices?
    Response: In June and September 2006, the OIG issued laptop 
security reports to S&T covering their unclassified and classified 
systems respectively. In those reports we made several recommendations 
designed to assist S&T in implementing adequate and effective security 
policies and procedures related to the physical security of and logical 
access to its government-issued laptop computers. S&T has taken steps 
or planned corrective action to address the weaknesses we identified. 
Through our compliance follow-up, we continue to monitor S&T's progress 
in implementing their open recommendations. We are currently reviewing 
the final DHS component included in our overall audit. A consolidated 
DHS laptop security report will be issued in July 2007 on the status of 
laptop security Department wide. The significance of laptop security 
and the need for possible follow-up audits to address this area of 
concern will be discussed during our March 2007 annual planning 
conference.
    We have combined two reviews from our 2007 performance plan that we 
are conducting now. We are examining how S&T identifies, prioritizes 
and determines funding for its Research and Development efforts. To 
understand those processes, we are examining how the new organizational 
structure and business procedures guide the Research, Transition, 
Special Access Program, and HSARPA divisions. We are also addressing 
the allocation of funding between the programs and the rationale 
underlying the allocation. In addition, we are reviewing the procedures 
for managing HSARPA projects. We hope to provide useful recommendations 
to improve any S&T processes that appear to be deficient.

    Question 21.: What is your office doing to ensure that Under 
Secretary Cohen develops a plan to strengthen workforce recruitment and 
retention; improve institutional knowledge base; and create a culture 
of responsibility within the Directorate?
    Response: We intend to conduct a review later this year that will 
determine: (a) S&T's initiatives to attract and retain employees with 
the skills necessary to advance the Directorate's mission; (b) its 
processes for evaluating the effectiveness of its employees; and, (c) 
the rates at which employees leave the Directorate as compared to other 
research and development organizations. S&T's ability to retain its 
workforce will have a direct effect on improving its institutional 
knowledge base. In addition, our ongoing review of the Directorate's 
procedures for managing HSARPA projects will reflect the responsibility 
taken by the different layers of management for the success of those 
projects.

    Question 22.: The IG's office released a report called DHS' 
Management of BioWatch Program, which mentioned a few problems, 
especially with the Laboratory Response Network that does the analysis 
of the material gathered in the environmental sensors used by BioWatch. 
The report stated, however, that DHS was alerted to the problems and 
that the IG was now satisfied that the labs are functioning properly. 
Can you please quickly outline the problems you found and how the 
problems were addressed?
    Response: We included in our BioWatch report, a recommendation for 
DHS to address and rectify after-action and previous operation findings 
related to field and laboratory activities. DHS' actions taken and 
planned should help to reduce the number of repeat findings, but our 
report does not conclude, ``the labs are functioning properly.'' DHS 
reported it developed and implemented a protocol to reduce deficiencies 
identified and to ensure that jurisdictions promptly correct identified 
deficiencies. As a result, we considered the recommendations resolved 
and closed.
    Our recommendation was based on the need to enhance management 
controls for oversight of the field and laboratory operations, as 
identified in two DHS reviews of BioWatch field operations. The fist 
conducted in the Spring 2004 and the second in the Fall 2005.
    The summary report of the first site round of visits identified 
procedural deficiency issues in field collection, transport of filters, 
and laboratory operations that needed to be addressed to ensure the 
effectiveness of BioWatch. Examples of high error rates reported 
related specifically to laboratory operations included the following:
         Improper transfer of exposed filters.
         Improper decontamination of the Chain-of-Custody (CoC) 
        bags, inner bags, and holders.
         Procedural errors made in the handoff from the field 
        personnel to the laboratory personnel.
         Improper quality control of critical reagents, the 
        substances used in detecting or measuring a component because 
        of their chemical or biological activity.
         Improperly conducted Sample Management System (SMS) 
        functions.
    Several of the areas in laboratory operations reported as requiring 
improvement in the first round site visits were also reported in the 
second round. The summary report of the second round included the 
following suggestions from DHS for laboratory improvement:
         Establish separate areas for sample receipt, SMS 
        functions (when performed at the laboratory), new filter holder 
        assembly, and sample processing.
         Perform proper decontamination of CoC bags, inner 
        bags, and holders prior to filter cutting and transfer, as well 
        as scissors, cassette openers, and hood between samples.
         Decontaminate bags (containing holders, cassettes, CoC 
        bags, and inner bags), DNA extract tubes, and any other 
        materials with bleach prior to removing from the biological 
        safety cabinet and hood.
         Implement quality assurance and quality control on 
        reagents, including plates, strips, and verification panels, 
        upon arrival; and analyze environmental laboratory swipes and 
        swabs weekly.
         Separate new filter holders from exposed holders 
        during sample collection by transporting them in separate 
        coolers or containers that can be easily decontaminated.

    Question 23.: Please explain what steps DHS has taken and still 
needs to take to address the findings from your office's summer 2006 
report that criticized the Homeland Security Information Network's 
(HSIN) rushed deployment schedule for resulting in a system that does 
not support information sharing effectively, does not fully meet user 
needs, and consequently is not relied upon by State, local, and tribal 
law enforcement agencies.
    Response: In September 2006, the department outlined several steps 
that it had taken to address our HSIN report recommendations. 
Specifically, the department's Office of Operations Coordination had 
held a series of meetings, training sessions, conferences, and 
briefings to clarify and communicate HSIN's mission and vision to 
users, its relations to other systems, and its integration with related 
federal systems. Through emergency management exercises, the department 
had identified gaps in HSIN procedures, guidance, and training. 
Addressing these gaps entailed providing users with over-the-shoulder 
instruction and technical support, and assigning a program manager 
within the newly established HSIN Joint Program Office responsibility 
for tracking training and guidance development activities.
    To increase stakeholder involvement, an HSIN Work Group, comprised 
of a cross-section of DHS personnel, was taking steps to align business 
processes, coordinate requirements, and create cross-functional program 
governance. Further, an HSIN Advisory Committee, with intergovernmental 
and industry representation, was to provide guidance and 
recommendations to the HSIN program manager. In turn, the HSIN program 
manager would work to ensure that performance metrics were established 
and used to determine system and information sharing effectiveness. The 
department did not respond to our recommendation on defining the 
intelligence data flow model for HSIN and providing guidance to system 
users on what information is needed, what DHS does with the 
information, and what information DHS will provide.
    Additionally, in December 2006, the Office of Operations 
Coordination requested that we provide initial comments and feedback on 
a strategic framework and implementation plan it had developed to 
outline the HSIN vision, mission, and desired outcomes. We found, 
however, that the draft documents focused primarily on components 
within DHS with no mention of state, local, tribal, or private industry 
stakeholders. As such, the documents did not address how all 
stakeholders, not just DHS components, would be involved in the system 
development lifecycle process. The Office of Operations Coordination 
did not provide us a copy of the final strategic framework and 
implementation plan.

    Question 24.: In December 2005, your office issued an unclassified 
summary of a report on the Department's Security Program and Practices 
for its Intelligence Systems (OIG-06-3), in which you recommended that 
the Department establish a single, comprehensive, and inclusive 
information security program for its intelligence systems. 
Specifically, you recommended that the Department (1) provide adequate 
security for the information and information systems that support 
intelligence operations and assets; and (2) ensure the confidentiality, 
integrity, and availability of vital intelligence information. What 
progress can you report to date?
    Response: In September 2005, DHS formally appointed the Assistant 
Secretary for Intelligence and Analysis as the Chief Intelligence 
Officer for DHS, responsible for overseeing the department's 
intelligence systems' security program. In October 2005, the Office of 
Intelligence and Analysis (OI&A) was created to assume full 
responsibility for the information assurance of DHS? Sensitive 
Compartmented Information (SCI) systems, excluding those of the United 
States Coast Guard (USCG). In March 2006, the Assistant Secretary for 
Intelligence and Analysis was appointed as the Designated Approval 
Authority (DAA) for DHS' intelligence systems. In April 2006, OI&A 
appointed a Chief Information Officer (CIO). In July 2006, OI&A drafted 
an Interim DHS Management Directive that delineates the 
responsibilities for the oversight and evaluation of DHS' IT security 
program for its intelligence systems. In August 2006, OI&A's CIO 
appointed an Information Systems Security Manager to oversee the 
department's intelligence activities. In October 2006, the Director for 
Information Sharing and Knowledge Management established an 
Intelligence Systems Board (ISB) to govern DHS' intelligence 
activities. Representatives from each DHS component whose systems 
process intelligence information, including USCG, are members of the 
ISB.
    More recently, based on our Fiscal Year 2006 review of DHS' 
information security program and practices for its intelligence 
systems, we reported that DHS established an IT security program for 
its intelligence systems. However, challenges remain regarding the full 
implementation and management of the information security program for 
the department's intelligence systems, especially at the component 
level. Our concerns focus on the coordination and management of the 
security program for the department's intelligence systems. DHS must 
address these concerns in order to provide adequate security for the 
information and the information systems that support its intelligence 
operations and assets and ensure the confidentiality, integrity, and 
availability of vital intelligence information. Specific DHS component 
information and issues related to the current state of DHS' 
intelligence systems security is classified

    Question 25.: Have you met with Secretary Chertoff to discuss that 
you have encountered problems in gaining access to information and if 
so, what mitigating measures did he recommend to assist your in gaining 
access to the documents you need?
    Response: As discussed in more detail in our audit, Acquisition of 
the National Security Cutter, OIG-07-23 (January 2007), we prepared, 
for the Secretary's signature, a one-page memorandum to all DHS 
personnel identifying our authorities and instructing personnel to 
cooperate with our office. We also prepared a four-page document 
providing ``Frequently Asked Questions'' regarding interactions with 
our auditors and inspectors. Both documents were provided to senior 
department officials in July 2006, and despite repeated requests and 
meetings, neither has been issued. In October 2006, the Secretary and 
Deputy Secretary were present at a meeting regarding our cutter audit 
during which the access issue was raised. At that time, we were told 
the access issue was being worked. While our working relationship with 
the Coast Guard has improved dramatically since the issuance of our 
audit, we believe a permanent, department-wide solution is needed.

    The following questions were asked during the hearing, the 
Committee requests that responses be provided in writing.

    Question 26.: What is the status of the investigation and what 
action was taken against those individuals responsible for leaking 
secret information after the recent leaks regarding an October 2005 
subway threat in New York City?
    Response: Our investigation is closed. The two department employees 
resigned, one effective December 31, 2006, the other effective June 8, 
2006, prior to the initiation of any administrative action. Allegations 
against both individuals were declined criminally. While both had 
received a secret briefing, the investigation did not disclose that 
either actually leaked classified information to unauthorized persons.

    Question 27.: What actions has the department taken to ensure that 
employees of the Department realize the absolute necessity of not 
leaking secret information after the recent leaks regarding an October 
2005 subway threat in New York City?
    Response: In accordance with Executive Order 12958, as amended, and 
32 CFR Part 2001, the Department of Homeland Security (DHS) has 
established programs and safeguards for the identification and 
protection of classified information. Incidents involving the 
mishandling or compromise of classified information are promptly and 
thoroughly investigated to determine the cause, mitigate potential 
damage, and implement measures to prevent recurrence. The Department 
also has a security education, training and awareness program that 
requires all DHS personnel, including contractors and sub-contactors, 
receive a security orientation briefing upon initial assignment to the 
Department. For those personnel who have been granted a security 
clearance a separate security briefing is required prior to being 
granted access to classified information and thereafter refresher 
briefings are given each calendar year at approximately 12-month 
intervals. Included in these briefings are sections that cover an 
individual's obligation to protect classified information from 
unauthorized disclosure and the potential for sanctions should they 
fail to do so.

    Question 28.: Please provide a report of what was learned from 
DHS's response to the management advisory meeting held on the afternoon 
of February 7, 2007.
    Response: We are proceeding with our ongoing work regarding SBInet, 
and continue to meet with DHS staff. Our review of the SBInet Baseline 
is expected to be completed by the end of the year.

    Question 29.: Please provide a detailed breakdown of how $16 
billion (40% of DHS budget) is spent and why it's better spent on 
contractors than in-house.
    Response: We have not conducted a detailed analysis of DHS spending 
through contracts, and have not made any assessment of contracted work 
versus work performed in-house. We have several ongoing reviews that 
are looking at significant DHS programs that use contracted resources, 
such as CBP's SBInet and Coast Guard's Deepwater Program. In those 
reports, we questioned the offices' over-reliance on contractors to 
perform project oversight functions.

    Question 30.: Several OIG reports have identified problems with TSA 
screeners and TSA airport procedures. What progress has been made in 
implementing OIG's recommendations and what is being done to further 
ensure consistency and clarity regarding the rules and procedures on 
airport screenings?
    Response: As a result of two audits that our office has conducted 
to test screeners' ability to detect prohibited items on passengers' 
bodies, in their cabin-accessible property, and in their checked 
baggage, we made several recommendations to TSA to enhance this aspect 
of aviation security. We identified four broad areas in which TSA could 
take action to improve screener performance, as measured by detection 
rates: training; equipment and technology; policy and procedures; and 
supervision. TSA has implemented several changes that are responsive to 
our recommendations, and is incrementally working on taking additional 
actions. In addition, we will shortly being starting a new round of 
penetration testing to determine to what extent TSA's policies, 
procedures, training, equipment, and supervision ensure that 
Transportation Security Officers are able to prevent threat items from 
being introduced into the sterile areas and checked baggage systems of 
the nation's airports.
    We also recently completed an audit that tested airport and air 
carrier employees' ability to prevent unauthorized access to secured 
areas of the airport. In our report we make 10 recommendations to 
improve access control, but because we have not yet issued our report, 
it is premature for us to discuss TSA's response.

    Question 31.: What is the prognosis for linking the Homeland 
Security Network to RISS and are procedures being developed to avoid 
duplication and confusion when that linkage takes place?
    Response: In June 2006, we reported that DHS had made some progress 
in establishing interoperability between HSIN and similar federal 
systems, such as the Regional Information Sharing Systems (RISS), which 
is used to facilitate the exchange of critical information across 
federal, state, and local law enforcement agencies. For example, DHS 
had begun to allow products to be posted and shared between HSIN and 
RISSNET, and was working with Department of Justice representatives to 
achieve complete interoperability in 2006. However, we have performed 
no follow-up work on this issue since the release of our report.

  Questions from the Honorable Peter T. King, Ranking Minority Member

    Question 32.: With respect to financial management, your testimony 
discusses the Department's internal control weaknesses, specifically 
those at the Coast Guard, Immigration and Customs Enforcement, and the 
Transportation Security Administration.
         Your testimony notes that the Department has taken 
        steps to address these issues. What is the Department doing to 
        resolve the weaknesses? What additional steps should the 
        Department take in this area?
    Response: The Department is doing the following to resolve the 
weaknesses:
         The Department has developed a corrective action plan 
        to remediate internal control weaknesses.
         The DHS Office of Financial Management, Coast Guard, 
        and Immigration and Customs Enforcement have engaged outside 
        contractors to assist in implementation of these corrective 
        action plans.
         DHS Chief Financial Officer has implemented a rigorous 
        timeline and monitoring of progress to identify problems that 
        need to be addressed by the responsible party. DHS Chief 
        Financial Officer reports this information to the Deputy 
        Secretary.
         These corrective action plans and this process help 
        the DHS Chief Financial Officer hold components accountable for 
        meeting corrective action milestones in order to remediate 
        internal control weaknesses.
         The Office of Inspector General initiated a series of 
        performance audits to assess the effectiveness of DHS' 
        corrective action plans to address internal control weaknesses 
        and has provided recommendations for improvement.
         With regard to additional steps, the Department needs 
        to continue to develop CAPS that identify the underlying root 
        causes, develop effective remediation plan with measurable 
        milestones, assign accountability for the CAP, and validate the 
        successful implementation of the CAP.

    Question 33.: You note that FEMA has developed new predefined 
mission assignments for disaster response and recovery, and you are 
conducting a review of these assignments.
         What has your examination determined thus far?
         Will these predefined mission assignments help to 
        prevent waste in future disasters?
    Response: FEMA issued approximately 2,700 mission assignments 
totaling approximately $8.7 billion to Federal agencies to help respond 
to Hurricane Katrina. FEMA historically has had significant problems 
issuing, tracking, monitoring, and closing mission assignments. FEMA 
guidance on the assignments is often vague, and agencies' accounting 
practices vary significantly, causing problems with reconciling 
agencies' records to FEMA records. FEMA has developed a number of new 
pre-defined mission assignments to expedite some of the initial 
recurring response activities. In addition, FEMA's Disaster Finance 
Center is working to find a consensus among other Federal agencies on 
appropriate supporting documentation for billings.
    According to FEMA officials, 44 predefined mission assignments have 
been in established with DOD, including 28 with USACE. In March 2007, 
FEMA will add 8--10 more mission assignments with USDA, EPA, DOT, HHS 
and HUD. The predefined mission assignments shorten the multi-tier MA 
approval process and identify the typical services assigned to each 
agency.
    We are currently conducting a review of mission assignments to DHS 
agencies, and other Inspectors General are reviewing mission 
assignments to their respective agencies. As with pre-defined standby 
contracts, pre-defined mission assignments will help to mitigate waste.

    Question 34.: Your testimony notes the importance of data mining in 
terrorism detection and prevention. However, you note that many of the 
data mining activities within the Department are stove-piped within 
each component.
         What is the Department doing to ensure that this 
        information is shared throughout the Department to maximize the 
        effectiveness of this information?
    Response: This year, we plan to include in our review access and 
coordination for sharing of information critical in fighting terrorism 
as they relate to data mining activities within the Department.
    About half of the data mining activities reviewed in the ``Survey 
of DHS Data Mining Activities'' were developed using custom-built 
systems or proprietary software without regard to technological 
compatibility and DHS-wide coordination with other programs, thereby 
impeding information sharing. Additionally, some of the data mining 
activities used the same commercial-off--the-shelf products, but did 
not share information.
    Many activities that were reviewed only collected and analyzed 
small pieces of information for mission-restricted programs, such as 
screening foreign flight crews or ensuring that special interest aliens 
register with ICE. However, there may be a potential for coordinating 
data access and mining for cross-cutting functions, such as, reporting 
or analyzing suspicious or criminal activities, assessing risk, 
targeting cargo, and authenticating documents and people.

  Questions from the Honorable Marsha Blackburn, a Representative in 
                  Congress from the State of Tennessee

    Question 35.: You noted in your testimony that you believe more 
data sharing is needed between FEMA and law enforcement, especially 
with respect to identifying and tracking sex offenders and suspected 
felons.

         How does FEMA currently collect data on sex offenders 
        and missing children?
    Response: FEMA does not collect data specific to sex offenders. 
Rather, FEMA collects information from individuals applying for 
disaster assistance to facilitate the delivery of disaster assistance. 
The type of information collected by FEMA and contained in FEMA's 
disaster assistance recovery files includes the applicant's name, 
social security number, income information, address of damaged 
property, current address, etc. Law enforcement officials have told us 
that direct access to this information following a disaster is needed 
to identify the whereabouts of registered sex offenders and to protect 
those residing in FEMA shelters and trailer parks.
    In respect to missing children, FEMA collects the names of children 
living in the applicant's home at the time of the disaster. This 
information is often needed by law enforcement to locate missing 
children and to reunite them with their families. DHS and DOJ recently 
established an agreement that provides law enforcement direct access to 
FEMA disaster recovery assistance files for the purpose of locating 
missing children displaced due to disasters. However, DHS and DOJ have 
not established an arrangement that provides law enforcement direct 
access to FEMA disaster assistance recovery files to identify the 
whereabouts of sex offenders and fugitive felons following a disaster.

         Where is this data stored and what do they usually do 
        with this information?
    Response: Information collected from disaster assistance applicants 
is stored in the National Emergency Management System (NEMIS). The 
information collected from applicants is used to inspect damaged homes, 
to verify information provided by the applicant, to make eligibility 
determinations regarding the applicant's request for assistance, and to 
identify and implement measures to reduce future disaster damage, and 
for other purposes identified as routine uses, such as disclosing 
information to prevent duplication of benefits.

         Is it regulatory or statutory authority that is 
        preventing law enforcement access to this database?
    Response: FEMA disaster assistance recovery files are a System of 
Records protected by the Privacy Act of 1974 (5 U.S.C. 552a.). For law 
enforcement to have direct access to this information, a routine use 
needs to be established that allows the information to be disclosed and 
an agreement between DOJ and DHS executed to permit direct access. We 
have recently recommended to the FEMA Undersecretary for Federal 
Emergency Management: (1) Add specific routine uses to the System of 
Records Notice that authorizes the disclosure of FEMA disaster recovery 
assistance files for the purpose of locating registered sex offenders 
and fugitive felons in the aftermath of a disaster. (2) Develop and 
execute agreements with DOJ, the coordinator for Public Safety and 
Security under the National Response plan, to provide appropriate law 
enforcement entities direct access to FEMA disaster recovery assistance 
files for public safety and security efforts, including identifying the 
whereabouts of registered sex offenders and fugitive felons.

    Question 36.: The Deepwater Program:

         Who requested the modification of the original designs 
        of the National Security Cutter (NSC)?
    Response: The Coast Guard requested the modification of the 
original designs of the National Security Cutter (NSC).

         Why were the designs modified?
    Response: According to the Coast Guard, the events of September 11, 
2001 forced them to reconsider the performance requirements for assets 
being acquired through the Deepwater Program, which included the NSC. 
As a result, the Coast Guard issued a Revised Deepwater Implementation 
Plan (the Plan) on 25 March 2005. Studies were also conducted by 
several independent organizations such as the Brookings Institution and 
RAND, which identified shortcomings in the original Deepwater solution 
and recommended the Coast Guard investigate how to correct them. As a 
result, during July 2003, the Commandant directed that an internal 
Coast Guard study be conducted to analyze operational capability and 
force structure gaps, and their impact on mission performance. The 
resulting review helped the Coast Guard revise the performance 
specifications for a wide array of Deepwater assets including the 
NSC.These revised performance specifications for the NSC included:
                 A larger flight deck to accommodate all 
                variants of DHS and DOD HH-60 helicopters;
                 The installation of an anti-terrorism/Force 
                protection Suite to include underwater sonar to allow 
                the cutter to scan ports, approaches, facilities, and 
                high value assets for underwater mines and swimmers;
                 An updated weapons and command and control 
                suite; and,
                 Chemical, Biological, Radiological (CBR) 
                capability to allow the NSC to remain on scene and 
                operate in Weapons of Mass Destruction scenarios.
    Changes to the original NSC designs began shortly after 9/11, and 
continue to this day.

         Although your office warned the Department not to 
        begin the production of the new NSCs, the Department decided to 
        begin production on 2 of them. Who made the decision?
    Response: It was the Coast Guards own subject matter experts and 
not the OIG that warneded Coast Guard not to begin production of NSCs 1 
and 2. In a memorandum dated on March 29, 2004 from the Coast Guard's 
Assistant Commandant for Systems (Admiral Erroll Brown) to the 
Deepwater Program Executive Officer (PEO) Admiral Patrick Stillman, 
where he expressed concern that there were significant structural 
problems with the design of the NSC which compromise the safety and the 
viability of the NSC's hull. Admiral Brown also requested ``the 
impending Delivery Task Order (DTO) for the production and deployment 
of the NSC (003OBC), be held in abeyance until a solution to the NSC's 
structural design issues could be resolved. Despite the warning, the 
Coast Guard authorized $140 million to commence the production and 
deployment of NSC1. By January 2005, the Deepwater PEO had authorized 
the issuance of DTOs valued at an additional $201 million for long lead 
items and the construction and deployment of NSC2. It was not until 
March 2005, more than 27 months after first being advised of the NSC 
design deficiencies, did the Deepwater Program Office contract with the 
U.S. Navy's Surface Warfare center (Carderock Division) to conduct a 
fatigue assessment of the NSC.

    Who was in charge to exercise technical and management oversight 
authority over the NSCs?
    Response: For the Coast Guard the authority resided with the 
Deepwater Program Executive Officer (Rear Admiral Patrick Stillman). 
For the ICGS/Northrop Grumman, the authority resided with the Vice 
president and General Manager (ICGS) and the President, Northrop 
Grumman Ship Systems.

         Who made the decision to modify the designs of the 
        123-foot patrol boat?
    Response: To our knowledge, the design of the 123-foot patrol boats 
was not modified.

         Did any Coast Guard technical experts analyze these 
        modifications for structural problems?
    Response: It is our understanding the Coast Guard's Engineering and 
Logistics Command (ELC) evaluated the 123-foot patrol boat design and 
(like the NSC) made recommendations to the Deepwater PEO. Our review of 
the construction issues with the 123' foot patrol boat did not include 
an evaluation of the 123-foot design. Therefore, we do not know the 
extent to which the ELC's recommendations were evaluated by the 
Deepwater program office and incorporated into the 123-foot patrol boat 
design.

         In your opinion, has Commandant Thad Allen's efforts 
        to overhaul internal operations will provide greater oversight 
        of Deepwater acquisitions?
    Response: The Coast Guard recognizes these challenges and is taking 
aggressive action to strengthen program management and oversight--such 
as technical authority designation; use of independent, third party 
assessments; consolidation of acquisition activities under one 
directorate; and redefinition of the contract terms and conditions, 
including award fee criteria. Furthermore, and most importantly, the 
Coast Guard is increasing its staffing for the Deepwater program, and 
reinvigorating its acquisition training and certification processes to 
ensure that staff have the requisite skills and education needed to 
manage the program. The Coast Guard is also taking steps to improve the 
documentation of key Deepwater related decisions. If fully-implemented, 
these steps should significantly increase the level of management 
oversight exercised over the air, surface, and C4ISR assets that are 
acquired or modernized under the Deepwater Program.

    Question 37.: What type of cost and manpower are necessary to form 
a coherent IT infrastructure in DHS? Does DHS have competent personnel 
and adequate management plans to accomplish this?
    Response: We have not conducted work in this area in order to 
answer these questions. We plan to address cost and manpower issues as 
part of a comprehensive review of IT management at DHS in fiscal year 
2008.

                   Response to Supplemental Questions

                                for the

                     Committee on Homeland Security

                        House of Representatives

                               Hearing on

    Management and Programmatic Challenges Facing the Department of

                           Homeland Security

                            February 7, 2007

 Responses from the Honorable David M. Walker, joint with Norman Rabkin

    Question 1.: Please explain why DHS has been unable to produce a 
clean financial statement for the entire Department.
    Response: The Department of Homeland Security (DHS) has been unable 
to obtain a ``clean'' opinion on its financial statements because of 
existing financial management systems, controls and reporting problems. 
DHS management and auditors have attributed many of DHS's difficulties 
in financial management and reporting to the original stand-up of a 
large, new, and complex executive branch agency without adequate 
organizational expertise in financial management and accounting. GAO 
identified DHS's transformation as a high risk area in fiscal year 2003 
because DHS had to transform 22 agencies into one department and 
inherited a number of operational and management challenges from legacy 
components. For fiscal year 2006, DHS only had its Balance Sheet and 
Statement of Custodial Activity subjected to audit. According to DHS's 
Inspector General, the Office of Financial Management, U.S. Coast Guard 
(USCG), Transportation Security Administration (TSA), Federal Emergency 
Management Agency (FEMA), Immigration and Customs Enforcement (ICE), 
and the Management Directorate were unable to provide sufficient 
evidence to support account balances presented in these financial 
statements and collectively contributed to the auditors' inability to 
render an opinion on them. Further, DHS management and three of its 
major components (USCG, TSA, and ICE) were unable to represent that the 
financial statements were presented in conformity with U.S. generally 
accepted accounting principles. The auditors identified 10 material 
weaknesses in internal control resulting in an adverse opinion rendered 
by DHS's Inspector General on controls over financial reporting and 
compliance as of September 30, 2006. The auditors attributed these 
conditions to a weak internal control environment and entity-level 
controls such as limited staffing resources and lack of integrated 
financial processes and systems.

    Question 2.: In addition to the Department's problems in carrying 
out its responsibilities in implementing SBInet and the National 
Security Cutter programs, are there any particular programs you would 
like to bring to our attention as likely to present special challenges 
for DHS?
    Response: Given the importance of major information technology (IT) 
investments to DHS's transformation efforts, we have recommended that 
the department adopt a strategic approach to managing these investments 
that is grounded in (1) rigorous and disciplined investment management 
and system acquisition processes and (2) a corporate enterprise 
architecture to ensure that these investments can interoperate and are 
not duplicative. Since making these recommendations, our work on 
individual programs, such as US-VISIT, Secure Flight, and the Automated 
Commercial Environment (ACE), has shown that the department has 
continued to be challenged in its ability to manage its IT investments 
in such a manner. We have ongoing work focusing on both DHS's corporate 
approach to IT investment management and its enterprise architecture.

    Question 3.: Please explain how personnel and morale problems such 
as those highlighted in the recent Office of Personnel Management 
report, which highlighted the morale problems among employees at DHS, 
have affected DHS's ability to accomplish its mission.
    Response: The Comptroller General convened a forum in September 
2002 to identify useful practices from major private and public sector 
mergers, to help federal agencies like DHS merge its various 
originating components into a unified department. We found that the key 
to a successful merger and transformation is to recognize the 
``people'' element and implement strategies to help individuals 
maximize their full potential in the new organization, while 
simultaneously managing the risk of reduced productivity and 
effectiveness that often occurs as a result of the changes.\1\ The 
challenge of implementing and transforming DHS's 22 agencies into a 
fully functioning department remained as a high-risk area on our 
January 2007 update to our high-risk list.\2\ In particular, we noted 
that DHS still has not developed a DHS-wide transformation strategy 
that includes a strategic plan that identifies specific budgetary, 
human capital, and other resources needed to achieve strategic goals. 
We currently have ongoing work that addresses a number of human capital 
issues at DHS. This work is being conducted at the request of the 
Committee and we expect to issue our report later this year.
---------------------------------------------------------------------------
    \1\ GAO, Highlights of a GAO Forum, Mergers and Transformation: 
Lessons Learned for a Department of Homeland Security and Other Federal 
Agencies, GAO-03-293SP (Washington, D.C.: Nov. 14, 2002) and Results-
Oriented Cultures: Implementation Steps to Assist Mergers and 
Organizational Transformations, GAO-03-669 (Washington, D.C.: July 2, 
2003).
    \2\ GAO, High-Risk Series: An Update, GAO-07-310 (Washington, D.C.: 
January 2007).

    Question 4.: Please provide information regarding investigations of 
DHS's failure to build internal capacity while outsourcing many of its 
responsibilities. In particular, please explain the extent to which DHS 
over-relies on contractors to fill employee vacancies.
    Response: The work of the government is increasingly being 
performed by contractors, including emergency and large-scale logistics 
operations such as hurricane response and recovery and the war in Iraq. 
In making sourcing decisions, organizations need to determine whether 
internal capability or external expertise can more effectively meet 
their needs. The Commercial Activities Panel, chaired by Comptroller 
General Walker, noted in 2002 that determining whether the public or 
the private sector would be the most appropriate provider of the 
services the government needs is an important, and often highly 
charged, question.\3\ The report also stated that determining whether 
internal or external sources should be used has proved difficult for 
agencies because of systems and budgeting practices that (1) do not 
adequately account for total costs and (2) inhibit the government's 
ability to manage its activities in the most effective manner possible.
---------------------------------------------------------------------------
    \3\ Commercial Activities Panel, Final Report: Improving the 
Sourcing Decisions of the Government (Washington, D.C.: 2002).
---------------------------------------------------------------------------
    In prior work examining the competitive sourcing initiatives of 
selected agencies which did not include DHS, we reported that several 
agencies had developed strategic and transparent sourcing 
approaches.\4\ The approaches included the comprehensive analysis of 
factors such as mission impact, potential savings, risks, current level 
of efficiency, market conditions, and current and projected workforce 
profiles. The Congress could continue to monitor DHS's and other 
agencies' reliance on contractors to carry out their basic missions. 
Our ongoing work on several human capital issues at DHS should provide 
some insight on the use of personal service contracts at the 
department.
---------------------------------------------------------------------------
    \4\ GAO, Competitive Sourcing: Greater Emphasis Needed on 
Increasing Efficiency and Improving Performance, GAO-04-367 
(Washington, D.C.: Feb. 27, 2004).

    Question 5.: Please explain any and all concerns regarding DHS's 
failure to set sufficient requirements for ``solution based'' 
procurement contracts. Also, please explain whether there is sufficient 
monitoring for the contractors who win these awards.
    Response: The Deepwater program has been designated as a 
performance-based acquisition. If performance-based acquisitions are 
not appropriately planned and structured, there is an increased risk 
that the government may receive products or services that are over cost 
estimates, delivered late, and of unacceptable quality. We have found 
in our reviews of major systems that establishing clear requirements 
ahead of time is critical to mitigating risk.\5\ Program requirements 
are often set at unrealistic levels, then changed frequently as 
recognition sets in that they cannot be achieved. As a result, too much 
time passes, threats may change, and/or members of the user and 
acquisition communities may simply change their minds. The resulting 
program instability causes cost escalation, schedule delays, fewer 
quantities, and reduced contractor accountability. GAO is presently 
performing a review of how well DHS components are managing 
performance-based services acquisition.
---------------------------------------------------------------------------
    \5\ GAO, Homeland Security: Observations on the Department of 
Homeland Security's Acquisition Organization and on the Coast Guard's 
Deepwater Program, GAO-07-453T (Washington, D.C.: February 8, 2007).
---------------------------------------------------------------------------
    In terms of monitoring contractor performance under the Deepwater 
program, in 2004, we found that the Coast Guard had not developed 
quantifiable metrics to hold the system integrator accountable for its 
ongoing performance and that the process by which the Coast Guard 
assessed performance after the first year of the contract lacked 
rigor.\6\ We also reported that the Coast Guard had not begun to 
measure the system integrator's performance on the three overarching 
goals of the Deepwater program--maximizing operational effectiveness, 
minimizing total ownership costs, and satisfying the customers. Coast 
Guard officials told us that metrics for measuring these objectives had 
not been finalized; therefore they could not accurately assess the 
contractor's performance against the goals. However, at the time, the 
Coast Guard had no time frame in which to accomplish this measurement. 
According to a Coast Guard official, the Coast Guard evaluated the 
contractor subjectively for the first award term period in May 2006, 
using operational effectiveness, total ownership costs, and customer 
satisfaction as the criteria. The result was a new award term period of 
43 of possible 60 months.
---------------------------------------------------------------------------
    \6\ GAO, Contract Management: Coast Guard's Deepwater Program Needs 
Increased Attention to Management and Contractor Oversight, GAO-04-380 
(Washington, D.C.: March 9, 2004).

    Question 6.: Please provide procedures and studies regarding the 
adequacy of safeguards DHS has in place to enable small, minority and 
disadvantaged businesses to have a fair chance in the procurement 
process.
    Response: We recently reported that, of the prime contracting 
dollars DHS awarded for Hurricane Katrina-related relief activities 
between August 2005 and June 30, 2006, 24 percent of these funds (about 
$1.6 billion) went to small businesses.\7\ Of the $1.6 billion DHS 
awarded directly to small businesses, disadvantaged businesses received 
$409 million, women-owned businesses received $243.7 million, 
businesses located in historically underutilized business zones 
(``HUBZones'') received $222.7 million, and veteran-owned businesses 
received about $128 million.
---------------------------------------------------------------------------
    \7\ GAO, Hurricane Katrina: Agency Contracting Data Should Be More 
Complete Regarding Subcontracting Opportunities for Small Businesses, 
GAO-07-205 (Washington, D.C.: March 1, 2007).
---------------------------------------------------------------------------
    Our March 2007 report found that subcontracting accomplishment 
information was not consistently available for the DHS prime contracts 
that were awarded to large businesses for activities related to 
Hurricane Katrina and which should have had subcontracting plans. These 
plans are supposed to identify the types of work and the percentage of 
subcontracting dollars prime contractors expect to award to certain 
categories of small businesses, such as those that are disadvantaged or 
owned by women or service-disabled veterans. We found that DHS's 
systems had no information on subcontracting plan requirements for 70 
percent of the contracting dollars that appeared to meet the criteria 
for having subcontracting plans. Also, for 29 percent of the 
contracting dollars, DHS's systems showed that a subcontracting plan 
was not required. DHS officials indicated that $545 million of these 
funds were miscoded, and should have been coded as having ``no 
subcontracting possibilities.'' DHS officials were unable to explain 
why the remaining $861 million were not required to have subcontracting 
plans. In response to recommendations in our report, DHS plans to issue 
guidance to all acquisition offices reinforcing previously issued 
guidance regarding the importance of awarding all appropriate contracts 
to small businesses and encouraging large businesses to subcontract all 
appropriate work to small businesses.

    Question 7.: How many vacancies does DHS have and does it have 
sufficient funding to hire the staff it needs?
    Response: According to DHS, it is difficult to quantify the number 
of vacancies in an agency because there is no statutory definition of 
the term. one measure of vacancies is the number of full time 
equivalents (FTEs) budgeted by an agency that are not currently filled. 
In each fiscal year, each agency allocates a certain number of FTEs to 
each of its components based on budgetary and workload factors. Based 
on data supplied by DHS, in fiscal year 2007 the department was 
allocated 186,743 FTEs and, as of January 20, 2007, had 181,089 on 
board personnel. According to DHS, the difference between the enacted 
FTE's and on board personnel (5,654) may be the best basic currently 
available indicator for the number of vacancies at DHS.
    We lack sufficient information to judge the sufficiency of DHS' 
funding to fill vacancies and DHS reported that it could not respond to 
this question without first exploring the issue with each of its 
components. The costs associated with filling vacancies depend on 
variables such as the scarcity and source of skills needed. Previous 
GAO work has explored the need for increased staffing in various DHS 
components where DHS staffing shortfalls may affect its ability to 
fully accomplish its mission. As one example, DHS faces challenges in 
hiring experienced staff to oversee major procurements. The Secure 
Border Initiative (SBI) program, a comprehensive, multiyear, 
multibillion dollar program to secure U.S. borders and reduce illegal 
immigration, proposed to hire 270 government and contractor personnel 
in 2007. As of February 2007, DHS had hired 124 of the 270. We reported 
in February of 2007 that SBI officials had expressed concerns about 
difficulties in finding an adequate number of staff with the required 
expertise to support the planned activities. As a second example, 
Customs and Border Patrol (CBP) has identified its need to increase the 
number of Border Patrol Agents by 6,000 by December 2008. For fiscal 
year 2007, CBP budgeted $187,744--which included training costs, 
equipment, salary and overhead costs--for each new border patrol agent. 
DHS requested $481.1 million for 3,000 new Border Patrol Agents in the 
fiscal year 2008 budget request. As the United States intensifies 
efforts to secure the nation from illegal entrants and terrorists, we 
can expect that both staffing and technological solutions will continue 
to be proposed and that DHS and Congress will have to consider the 
associated costs in an environment of competing priorities and resource 
constraints.

    Question 8.: Please provide information regarding any studies that 
indicate that continuity of employees is an important factor in 
organizational function and institutional memory. Also, please explain 
the extent to which the widespread use of contractors cause continuity 
problems within DHS.
    Response: Our work on the private sector's experience with mergers 
and acquisitions suggests that over 40 percent of executives in 
acquired companies leave within the first year and 75 percent within 
the first 3 years. While some turnover is to be expected and is 
appropriate, the new organization must ``re-recruit'' its key talent to 
limit the loss of needed individuals because they do not see their 
place in the new organization. At the outset of any merger and 
transformation, new organizations also recognize the value in creating 
an employee knowledge and skills inventory, which would also help 
strengthen institutional memory. Valuable information resides in the 
originating organizational components, and when these components are 
combined, these intellectual assets are extremely powerful and 
beneficial to employees and stakeholders. Knowledge and skills 
inventories not only capture the intellectual assets of the new 
organization, but also signals to employees that their particular 
expertise is valued by the organization and foster a knowledge-sharing 
culture.
    We have also discussed the importance of employee continuity in 
various other reports. For example, we have reported that, while 
workforce restructuring can have benefits for agencies, any downsizing 
that may occur could lead to such negative effects as the loss of 
corporate memory and expertise.\8\ We have also reported that the use 
of human capital flexibilities, such as monetary recruitment and 
retention incentives, can be highly effective in managing agency 
workforces to help ensure the continuity of employees.\9\ In addition, 
we have discussed the need for agencies to develop a more strategic 
approach to managing the succession of senior executives and other 
employees with critical skills. For example, we have highlighted 
instances where agencies' succession planning and management efforts 
(1) receive active support of top leadership; (2) link to the agencies' 
strategic planning; (3) identify talent from multiple organizational 
levels, early in their careers, or with critical skills; (4) emphasize 
developmental assignments for high-potential employees in addition to 
formal training; (5) address specific human capital challenges, such as 
diversity; and (6) facilitate broader transformation efforts.\10\
---------------------------------------------------------------------------
    \8\ GAO, Federal Downsizing: Better Workforce and Strategic 
Planning Could Have Made Buyouts More Effective, GAO/GGD-96-62 
(Washington, D.C.: Aug. 26, 1996).
    \9\ GAO, Human Capital: Effective Use of Flexibilities Can Assist 
Agencies in Managing Their Workforces, GAO-03-2 (Washington, D.C.: Dec. 
6, 2002).
    \10\ GAO, Human Capital: Insights for U.S. Agencies from Other 
Countries? Succession Planning and Management Initiatives, GAO-03-914 
(Washington, D.C.: Sept. 15, 2003) and Human Capital: Selected Agencies 
Have Opportunities to Enhance Existing Succession Planning and 
Management Efforts, GAO-05-585 (Washington, D.C.: June 30, 2005).
---------------------------------------------------------------------------
    While we have not done work that addresses the impact of using 
contractors on continuity problems at DHS, GAO has on-going work on 
DHS's reliance on contractors and will be providing an update to 
committee staff in the near future.

    Question 9.: Please provide information regarding the extent to 
which the Directorate of Management needs to be reorganized or even 
eliminated.
    Response: The Homeland Security Act of 2002 \11\ establishes that 
the Under Secretary for Management is responsible for the transition 
and reorganization process for the department and the Management 
Directorate is currently responsible for carrying out this function. As 
it may take several years, as in any merger, for the successful 
implementation of the department, it is critical that DHS have a 
dedicated team or leader in place to help manage its integration. As 
the Comptroller General has testified, GAO continues to designate the 
implementation and transformation of DHS as high risk because the 
department had to transform 22 agencies--several with major management 
challenges--into one department, and failure to effectively address its 
management challenges and program risks could have serious consequences 
for our national security. While the protection of the homeland is the 
primary mission of the department, critical to meeting this challenge 
is the integration of DHS's varied management processes, systems, and 
people--in areas such as information technology, financial management, 
procurement, and human capital--as well as in its administrative 
services. In our recent high-risk report, we reported that DHS has yet 
to implement a corrective action plan that includes a comprehensive 
transformation strategy and its management systems--especially related 
to financial, information, acquisition, and human capital management--
are not yet integrated and wholly operational.\12\
---------------------------------------------------------------------------
    \11\ Pub. L. No. 107-296, Sec. 701(a) (9). Also, The Homeland 
Security Act established five directorates within DHS for each of the 
following areas: (1) management, (2) science and technology, (3) 
information analysis and infrastructure protection, (4) border and 
transportation security, and (5) emergency preparedness and response. 
The U.S. Secret Service and the U.S. Coast Guard were also transferred 
to DHS, but are not within a directorate.
    \12\ GAO-07-310.
---------------------------------------------------------------------------
    In 2005, we reported that as it was currently structured, the roles 
and responsibilities of the DHS Under Secretary for Management 
contained some of the characteristics of a Chief Operating Officer 
(COO) or Chief Management Officer (CMO), but we suggested that the 
Congress should consider whether a revised organizational arrangement 
is needed to fully capture the roles and responsibilities of a COO/CMO 
position, including whether the position contained sufficient authority 
to elevate attention on management issues and transformational 
change.\13\
---------------------------------------------------------------------------
    \13\ GAO, Department of Homeland Security: A Comprehensive and 
Sustained Approach Needed to Achieve Management Integration, GAO-05-139 
(Washington, D.C.: Mar. 16, 2005).

    Question 10.: Please provide us with the current functions of the 
Business Transformation Office. Provide examples of models that would 
be suitable to further DHS migration.
    Response: At this time, we understand that the DHS Business 
Transformation Office (BTO) has been eliminated. Because no two merger, 
acquisition, or transformation efforts are exactly alike, the ``best'' 
approach for any given effort depends upon a variety of factors 
specific to each context. Our prior work on mergers and 
transformations, undertaken before the creation of DHS, concluded that 
successful transformations of large organizations, even those faced 
with less strenuous reorganizations than DHS, can take years to achieve 
and certain key practices and implementation steps should be adopted to 
ensure successful transformations.\14\ In our 2005 review of the 
integration of DHS, we made recommendations based on these key 
practices to assist DHS in building the infrastructure needed to manage 
its merger or transformation and were particularly important to DHS at 
this juncture in its management integration efforts.
---------------------------------------------------------------------------
    \14\ GAO, Highlights of a GAO Forum, Mergers and Transformation: 
Lessons Learned for a Department of Homeland Security and Other Federal 
Agencies, GAO-03-293SP (Washington, D.C.: Nov. 14, 2002) and Results-
Oriented Cultures: Implementation Steps to Assist Mergers and 
Organizational Transformations, GAO-03-669 (Washington, D.C.: July 2, 
2003).
---------------------------------------------------------------------------
    We recommended that DHS develop an overarching management 
integration strategy for the department that would look across the 
initiatives within each of the management functional units and clearly 
identify the critical links that must occur among these initiatives, 
among other things. The department should also use this strategy to 
clearly communicate a consistent set of goals and the progress achieved 
internally to all its employees, and externally to key stakeholders, 
such as the Congress. In addition, we recommended that DHS designate a 
dedicated implementation team, at the time that the BTO was just 
forming, for the department's management integration and provide it 
with the requisite authority and responsibility to help set priorities 
and make strategic decisions to drive the integration across all 
functions. The dedicated implementation team would also be responsible 
for working with the Undersecretary for Management to develop and 
implement the overarching management integration strategy. While the 
BTO has been eliminated, we believe that it would be helpful for DHS to 
have a dedicated team or coordinating body to help oversee and ensure 
its management integration and transformation. See questions 22 and 31 
for a more detailed discussion of the BTO and COO/CMO, respectively.

    Question 11.: Why do you think DHS ranked at the bottom of the 
just-released OPM survey of job satisfaction among federal employees 
and made so little progress in two years since OPM's previous survey? 
What does DHS need to be doing now so that it improves two years from 
now?
    Response: Seeking and monitoring employee attitudes and taking 
appropriate follow-up actions, is one of the important implementation 
steps in our work on organizational mergers and transformations. 
Because people are drivers of any merger or transformation, it is vital 
to monitor their attitudes, through pulse surveys, focus groups, or 
confidential hotlines. While monitoring employee attitudes provides 
good information, it is most important for employees to see that top 
leadership not only listens to their concerns, but also takes actions 
and makes appropriate adjustments in a visible way. We have not been 
asked by the Congress, to date, to follow-up on the OPM survey results 
at DHS. However, our prior work has shown that if DHS does not take 
appropriate follow-up action on the survey results, negative attitudes 
may translate into actions, such as employee departures, among other 
things, that could have a detrimental effect on the continued 
implementation and transformation of the department.

    Question 12.: What steps have FEMA and DHS taken to resolve the 
problems in FEMA's automated payment system, which uses out-dated 
technology and, thus, had limited expansion capability to support 
catastrophic disasters like Katrina?
    Response: While GAO has not conducted additional work specifically 
addressing the current status of the Federal Emergency Management 
Agency's (FEMA) efforts to improve its automated payment system, the 
Department of Homeland Security's Office of Inspector General reviewed 
FEMA's Progress in Addressing Information Technology Management 
Weaknesses in December 2006 (OIG-07-17) and reported that:
    FEMA has made progress in several areas, particularly short-term 
adjustments to prepare for the 2006 hurricane season. These 
improvements primarily included increasing the National Emergency 
Management Information System (NEMIS) capacity and online system access 
and strengthening verification of registration data. In addition, FEMA 
and its program offices specifically addressed our recommendations by 
documenting training resources, developing a plan to implement its 
enterprise architecture (EA), gathering requirements for new business 
tools, and improving configuration management.
    However, despite these positive steps, FEMA has not documented or 
communicated a strategic direction to guide long-term IT investment and 
system development efforts. FEMA also has not performed crosscutting 
requirements gathering to determine business needs, which would allow 
Information Technology Services Division (ITSD) personnel to analyze 
alternatives to continued development of the complex, custom NEMIS 
system. We note below several resource challenges for FEMA to 
accomplish these tasks, including personnel needs, time limitations, 
and funding constraints. For example, high-level officials acknowledged 
the need for personnel who can effectively and efficiently manage 
system development efforts, especially as key personnel are allocated 
to assist in disaster and emergency response activities. Further, FEMA 
officials told us that funding constraints also have prevented the 
creation of sufficient training and testing environments. Therefore, 
constrained by limited resources, FEMA has focused its efforts on 
preparing for the 2006 hurricane season and has made little progress in 
addressing long-term needs, such as updating strategic plans, defining 
cross-cutting requirements, and evaluating systems alternatives.

    Question 13.: Please explain the extent to which FEMA has acted on 
the numerous GAO recommendations for addressing significant fraud, 
waste, and abuse in FEMA's Individuals and Households Program (IHP) and 
in Department of Homeland Security's purchase card program.
    Response: As part of our audit of the FEMA's IHP and the DHS's 
purchase card program, to date we have made 25 recommendations designed 
to improve the management of these 2 programs. FEMA and DHS fully 
concurred with 19 recommendations, and substantially or partially 
concurred with the remaining 6 recommendations.
    With respect to the purchase card program, DHS agreed with all our 
recommendations and reported taking actions to address them. For 
example, DHS stated that they had amended their purchase card manual in 
order to incorporate suggested changes from our recommendations. 
However, we have not performed testing to evaluate the effectiveness of 
these actions.
    With respect to the IHP, FEMA and DHS concurred with 13 of our 
recommendations, and substantially or partially concurred with 6. DHS 
and FEMA also reported that they have taken actions, or plan to take 
actions, to implement many of our recommendations. These actions 
include implementing identity and address verification on all IHP 
registrations, implementing controls to prevent duplicate IHP 
registrations using the same social security numbers, and implementing 
a system change to prevent individuals from registering for assistance 
using a Post Office box. However, we have not determined if these 
actions adequately address all our recommendations, nor have we 
performed audit or investigative work to test new controls. In 
addition, in written comments on several of our reports, FEMA has 
expressed concern and disagreement with some of our findings and 
statistical projections of overall rates of potentially fraudulent and 
improper payments. Until FEMA recognizes the significant weaknesses in 
their individual assistance programs, they will continue to risk losing 
billions of taxpayer dollars to fraud, waste, and abuse. We are also 
planning to issue a follow up report to our December 6, 2006 testimony 
which includes additional recommendations to DHS and FEMA on necessary 
improvements to IHP and the purchase card program.

    Question 14.: Has DHS begun to address any of GAO's seven 
recommendations for improving DHS's oversight of cash advance funding 
for first responder grants and associated interest liabilities? If so, 
please explain how DHS is addressing these, including the 
recommendation that urges the Department to identify the significant 
issues that have resulted in delays in the drawdown and disbursement of 
DHS grant funds.
    Response: We were recently informed by DHS's Office of the Chief 
Financial Officer that DHS's Preparedness Directorate's Office of 
Grants and Training, which has been responsible for implementing our 
recommendations, will be merged into FEMA and the recommendations will 
be addressed by appropriate parties under the new organizational 
structure. At this time, DHS plans to provide a response to our 
recommendations by the end of April 2007.

    Question 15.: As a result of the creation of Homeland Security in 
2003, legacy INS and legacy Customs Special Agents were merged to 
create the U.S. Immigration and Customs Enforcement agency. Customs 
agents previously enforced over 400 federal laws and immigration agents 
enforced laws pursuant to the Immigration and Nationality Act (Title 
8). It appears that ICE agents are heavily focused on immigrations 
investigations such as worksite enforcement. What measures are being 
taken to insure a continuity of enforcement from both legacy missions?
    Response: When ICE was created, it retained responsibility for 
enforcing the customs and immigration laws that were the purview of its 
legacy agencies. These include criminal statutes addressing the illegal 
import and export of drugs, weapons, child pornography, stolen 
antiquities, and other contraband, as well as alien smuggling, human 
trafficking, and the international laundering and smuggling of criminal 
proceeds. In March 2006 we testified that ICE's Office of 
Investigations (OI) organizational structure and investigative 
activities reflected those of both its principal legacy agencies--the 
U.S. Customs Service and Immigration and Naturalization Service. To 
ensure continuity of enforcement, OI established 3 major investigative 
divisions--National Security, Finance and Trade, and Smuggling and 
Public Safety--that incorporated the core missions and functions of 
legacy immigration and customs investigations. In June 2006 we reported 
ICE uses a combination of factors to allocate its investigative 
resources, including whether an investigation indicates a potential 
threat to national security, the execution of special programs run out 
of headquarters divisions and units like Operation Community Shield, 
which targets violent street gang members, and carry-over legacy 
activities, such as support for implementation of the national drug 
control strategy. Consequently, ICE performs a combination of 
immigration--and customs-related investigations. Though we have not 
assessed ICE's allocation of investigative resources recently, we found 
that about half of ICE investigative resources were used for drug, 
financial, and general alien investigations in fiscal years 2004 and 
2005. The resource use in the other case categories pertains to 
investigations of a variety of customs and immigration violations 
including commercial fraud, general smuggling, human smuggling and 
trafficking, identity fraud, document fraud, and worksite enforcement. 
None of the investigative categories that apply to these violations 
individually accounted for more than 8 percent of investigative 
resource use during the period under study. In most instances these 
other case categories accounted for 5 percent or less of resource use. 
In order to guide the allocation of its investigative resources, we 
recommended that DHS direct ICE to conduct a comprehensive risk 
assessment to identify those violations with the highest probability of 
occurrence and most significant consequences.\15\ DHS agreed with our 
recommendation.
---------------------------------------------------------------------------
    \15\ GAO, Homeland Security: Better Management Practices Could 
Enhance DHS's Ability to Allocate Investigative Resources, GAO-06-462T 
(Washington, D.C.: March 28, 2006).

    Question 16.: What hurdles exist in getting the Transportation 
Sector Specific Plan that was due over two years ago finalized and 
published?
    Response: GAO did not assess whether any hurdles existed or the 
reasons for any delays in DHS' issuance of the Transportation Sector 
Specific Plan. We have testified that it is important for DHS to 
finalize and issue the plan and supporting plans as soon as possible so 
that transportation stakeholders understand the federal government's 
role with respect to security, as well as expectations for them. We 
also testified on the importance of the Transportation Sector Specific 
Plan and supporting plans being supported by relevant risk assessments 
conducted or overseen by department.

    Question 17.: In October of last year GAO sent a letter titled, 
Combating Nuclear Smuggling: DHS's Cost-Benefit Analysis to Support the 
Purchase of New Radiation Detection Portal Monitors Was Not Based on 
Available Performance Data and Did Not Fully Evaluate All the Monitors' 
Costs and Benefits to the chairman of both House and Senate 
appropriations committees. Has there been any activity in the Inspector 
General's office to look at DNDO's cost-benefit analysis and if so what 
are you finding?
    Response: We contacted the Director of Border and Transportation 
Security in the DHS Inspector General's (IG) Office and were told the 
DHS IG has not examined the Domestic Nuclear Detection Office's (DNDO) 
cost-benefit analysis, nor does the DHS IG have any plans to examine 
it.

    Question 18.: As the government agency charged with securing the 
nation's critical cyber infrastructure, how is DHS supposed to provide 
adequate leadership to the nation's critical infrastructure owners when 
the Department itself continues to receive failing grades on securing 
its own critical infrastructure?
    Response: DHS's continued shortfalls in fully implementing 
effective information security over its computer systems could limit 
its credibility in providing leadership to the nation's critical cyber 
infrastructure owners. DHS needs to lead by example and improve its 
information security. Also, in September 2006, DHS announced the 
appointment of an Assistant Secretary for Cyber Security and 
Telecommunications to better provide this leadership. While filling 
this leadership position is an important step to enhancing DHS's 
visibility to organizations that own and operate our nation's critical 
infrastructures, DHS needs to improve on its efforts to fulfill its key 
cybersecurity responsibilities. These responsibilities include 
developing and enhancing national cyber analysis and warning 
capabilities, providing and coordinating incident response and recovery 
planning efforts, and identifying and assessing cyber threats and 
vulnerabilities.

    Question 19.: What steps have the Department taken to resolve flaws 
in the way that FISMA evaluations are performed and what steps remain?
    Response: The Department has reportedly increased the percentage of 
systems for which controls had been tested and evaluated. In its 
Federal Information Security Management Act (FISMA) report for 2004, 
the department reported that 76 percent of its systems had been tested 
and evaluated. For 2006, it reported that 88 percent of systems had 
been evaluated, an increase of 12 percent. However, the department's 
Office of Inspector General (OIG) reported in 2006 that only 64 percent 
of the department's systems it reviewed had undergone such evaluations. 
In addition, the OIG reported weaknesses with the way the department 
documented control test results, residual risks, and contingency plan 
test results. Thus, DHS needs to take steps to test and evaluate the 
controls of all of its systems and adequately document the test results 
and residual risks.

    Question 20.: What is your office doing to ensure that the problems 
that existed with regard to improving laptop computer security, prior 
to Jay Cohen's appointment as the Science and Technology Directorate 
Under-Secretary are addressed? Specifically, what is your office doing 
to oversee S&T's efforts to develop a mature business model and prudent 
project management practices?
    Response: Although we have not been specifically requested to 
review this issue at DHS? Science and Technology Directorate, GAO has 
two on-going governmentwide audits that will address agency controls 
related to laptop computer security. We are assessing federal policies 
and procedures for protecting personal information on one audit and are 
evaluating the use of encryption technologies at federal agencies on 
another audit. Both of these audits will address elements of laptop 
computer security and include the Department of Homeland Security.

    Question 21.: What is your office doing to ensure that Under 
Secretary Cohen develops a plan to strengthen workforce recruitment and 
retention; improve institutional knowledge base; and create a culture 
of responsibility within the Directorate?
    Response: GAO's work on strategic workforce planning shows that it 
addresses two critical needs, (1) aligning an organization's human 
capital program with its current and emerging mission and programmatic 
goals; and (2) developing long-term strategies for acquiring, 
developing and retaining staff to achieve programmatic goals.\16\ While 
we have not reviewed DHS's Science and Technology's Directorate's 
strategic workforce planning or results-oriented culture, in December 
2005, we evaluated the Directorate's ethics-related management controls 
, particularly for its employees hired under the Intergovernmental 
Personnel Act (IPA), and concluded that these controls needed 
strengthening.\17\ Among other things, we recommended that the 
Undersecretary of the Science and Technology Directorate needed to 
finalize the Directorate's research and development process and define 
and standardize the role of the IPA portfolio managers in this process, 
and establish a monitoring and oversight program of ethic-related 
management controls. Our ongoing work on several human capital issues 
at DHS will also provide information on the use of IPA appointments at 
the department.
---------------------------------------------------------------------------
    \16\ GAO, Human Capital: Key Principles for Effective Strategic 
Workforce Planning, GAO-04-39 (Washington, D.C.: Dec. 11, 2003).
    \17\ GAO, Homeland Security: DHS Needs to Improve Ethics-Related 
Management Controls for the Science and Technology Directorate, GAO-06-
206 (Washington, D.C.: Dec. 22, 2005).

    Question 22.: In GAO-05-139, the GAO recommended that the 
Department ``provide its Business Transformation Office (BTO) with the 
authority and responsibility to serve as a dedicated integration team 
and help develop and implement the strategy.''
         Do you believe the Department has done this, and if 
        not what needs to be done?
         What form do you believe a successful BTO in the 
        Department should take?
         In as much specificity as possible, how would you 
        define the mission and goals of an effective BTO?
         We understand that the BTO is being shut down. Do you 
        believe that the mission of the BTO can be performed 
        effectively within other parts of the Department, or is the 
        Department better served by having these functions centralized 
        in one office?
    Response: As discussed in our response to question 10, to our 
knowledge, DHS does not currently have a dedicated integration team nor 
is the BTO in place to help guide its overall implementation and 
transformation. In addition, while DHS has issued guidance and plans to 
assist its integration efforts, on a function-by-function basis 
(information technology and human capital, for example), it does not 
have a comprehensive strategy, with overall goals and a time line, to 
guide the management integration departmentwide.
    GAO's research shows that it is important to dedicate a strong and 
stable implementation team for the day-to-day management of a merger or 
organizational transformation. Such a dedicated team should be vested 
with necessary authority and resources to help set priorities, make 
timely decisions, and move quickly to implement decisions for a 
successful transformation. In addition, the team ensures that various 
change initiatives are sequenced and implemented in a coherent and 
integrated way. Furthermore, the team monitors and reports on the 
progress of the integration to top leaders and across the organization, 
enabling those leaders to make any necessary adjustments. Other 
networks, including a senior executive council, functional teams, or 
cross-cutting teams, can be used to help the implementation team manage 
and coordinate the day-to-day activities of the merger or 
transformation. The role of an integration team is to help monitor the 
transformation and look for interdependencies among the individual 
functional integration efforts. The dedicated team should report to the 
highest levels of the organization and have the requisite 
responsibility and authority to set priorities and make strategic 
decisions for the integration, as well as implement the integration 
strategy.
    DHS actions, such as management directives clarifying roles for the 
integration, can provide the Under Secretary for Management with 
additional support. However, in our 2005 report, we noted that it was 
still too early to tell whether the Under Secretary would have 
sufficient authority to direct, and make trade-off decisions for the 
integration, and institutionalize it departmentwide.\18\
---------------------------------------------------------------------------
    \18\ GAO-05-139.
---------------------------------------------------------------------------
    In addition to our responses above, as part of our follow-up on 
recommendations made in our March 2005 report on DHS integration, DHS 
provided us with its Management Directorate Strategic Plan, and a draft 
plan on its high risk area of the implementation and transformation of 
the department, which contains some information relative to developing 
an agencywide management integration strategy, but there were no 
timelines and milestones that would allow the completion of this 
recommendation. To help ensure the completion of the transformation of 
the department, our research indicates that a dedicated team, such as 
the Business Transformation Office, can help ensure success.

    Question 23.: It is our understanding that GAO has encountered 
significant problems obtaining documentation from the Department of 
Homeland Security. During the hearing, it was made clear the DHS is not 
``denying'' the delivery of documentation, rather they are ``delaying'' 
the delivery of documentation. It is unclear to us what is meant by 
``delayed.'' Please provide detailed examples of what GAO considers 
``delayed,'' including examples of documents requested, dates the 
documents were requested, and the dates the documents were received.
    Response: DHS' process for handling documents and interviews 
requested by GAO has caused inordinate delays. At many federal agencies 
(and in some cases within DHS), we obtain what we need directly from 
the program officials, often on the spot or very quickly after making 
the request. The program staff keeps the agency liaisons informed of 
interviews and documents provided to us. In contrast, the process used 
in most of our interactions with DHS is overly layered and time-
consuming. We are required to submit requests for documents and 
interviews to the component liaison staff, rather than directly to 
program officials with whom we have met many times. The component 
liaison often brings in component counsel (and sometimes DHS counsel). 
The result is that on a broad range of our reviews our staff end up 
waiting for weeks or months for information that could be provided 
immediately or at least more quickly. In certain areas, specifically 
reviews related to work on the response to Hurricane Katrina and 
reviews involving FEMA and TSA, component counsel have reviewed 
virtually every document before it is provided to us.
    These procedures have caused delays which have impeded our ability 
to meet timeframes for reporting to our requesters. DHS often provides 
information very late in the process, when they realize that the 
absence of specific data in our draft report will reflect negatively on 
their programs. A related problem is that there has been a lack of 
communication. It can take months for DHS to tell us that a document 
doesn't exist. All we are told is that the agency is going through its 
review process.
    We need a commitment from DHS that it will streamline its review 
processes to make them more efficient and that it will expedite our 
requests for documents and meetings. It is much more effective when we 
can deal directly with the program staff after we have held our 
entrance conference at DHS. With regard to component counsel review of 
documents, the original DHS management directive on GAO \19\ was set up 
on the premise that counsel would not review all documents prior to 
disclosure. Component counsel was to review only a subset of documents 
to be provided to GAO, those identified by the component as potentially 
being sensitive (a checklist provided to the component liaisons 
identified the areas of sensitivity). To the extent that DHS finds it 
necessary to screen certain sensitive documents, it should do this on 
an exception basis. Other documents should be provided directly to GAO 
without prior review or approval by counsel. If DHS foresees problems 
providing a document (e.g., document doesn't exist or it raises special 
sensitivities) it should advise GAO up front.
---------------------------------------------------------------------------
    \19\ DHS GAO Management Directive #820, June 25, 2003.
---------------------------------------------------------------------------
    In conjunction with GAO's own efforts to obtain access to documents 
at DHS, congressional action has sometimes helped us to obtain 
information. These actions can include a hearing where questions are 
asked about the document delays, a letter signed from a Member to DHS, 
or a phone call from a congressional staff member. We have generally 
found that the Department is cooperative on reviews where the timing of 
the release of DHS appropriations is related to the issuance of a GAO 
review.
    There are numerous instances of DHS delays in responding to GAO 
document requests. The following are examples involving GAO work for 
which you are a requester. First, in an audit of DHS detention 
standards for aliens in its custody, we have experienced delays with 
U.S. Immigration and Customs Enforcement (ICE) providing necessary 
information and documentation. There have been multiple incidents 
during the course of this engagement in which ICE provided only partial 
information after lengthy delays. Each document, we were told by DHS 
officials, had to go through the ICE legal vetting process. The 
document requests included the following:
     On September 27, 2006, GAO requested copies of American 
Bar Association reviews of ICE detention facilities. The American Bar 
Association performed the reviews and then provided them to ICE. The 
ABA indicated to us that they had no problem with ICE providing the 
information to GAO. Despite our requests, ICE still has not provided 
copies of the reviews.
     In October 2006, GAO requested copies of the latest ICE 
compliance review for the San Diego Correctional Facility; Elizabeth 
Contract Detention Facility; Denver Contract Detention Facility; and 
the Suffolk County House of Corrections. They have yet to be provided, 
despite our repeated requests for the documents.
     On September 21, 2006, GAO requested a copy of the 
detention facility telephone contract. ICE delayed for a month until 
October 19, 2006, and then sent us a document that was almost entirely 
redacted. The first ten pages of the contract were not included and the 
rest of the contract had been significantly redacted by blacking out 
pertinent information. ICE told GAO the redacted information was 
``privileged,'' according to its lawyers. After repeated calls and 
explanations of GAO's authority to access the information, ICE provided 
the unredacted document.
     We requested a set of additional documents related to the 
detention phone contract on November 5, 2006. ICE did not respond to 
this request for several months. Finally, ICE said they had the 
documents ready for a January 17, 2007, meeting with GAO auditors. ICE 
officials had the documents physically present at the meeting, but 
would not let GAO have the documents or look at the documents because 
they said they had not yet been vetted through their lawyers (even 
though more than 2 months had passed since the original request). GAO 
auditors made multiple follow-up calls, but ICE delayed another two and 
a half weeks before providing the documents.
     During a meeting in October 2006, we requested information 
from the Department of Health and Human Services (HHS) regarding 
medical treatment of detainees. HHS forwarded their response to DHS who 
refused to give it to GAO until it had gone through the ICE attorneys' 
``approval process.'' GAO did not get the information until February 9, 
2007 (over 3 months later).
    In another review that you joined as a requester, involving 
terrorist watch lists, we experienced numerous delays in receiving 
requested information from DHS, ranging from weeks to months. In one 
case, we requested the status of DHS implementation of provisions of 
Homeland Security Presidential Directives 6 and 11 that were directed 
to DHS, including copies of applicable reports that were to be provided 
to the President. We made this request in May 2006. In August 2006, 
after several follow-up requests, our DHS audit liaison apologized for 
the difficulty in finding someone at DHS to respond to our request. In 
October 2006, the liaison referred us to the Director of the DHS 
Screening Coordination Office, who told us the required reports had 
been developed and that she would obtain copies for us. In February 
2007, DHS finally provided a document that it said was compiled based 
on the reports that it had submitted, excluding information related to 
other departments and agencies.
    The following questions were asked during the hearing, the 
Committee requests that responses be provided in writing.

    Question 24.: GAO has identified significant fraud, waste and abuse 
in the control weaknesses in FEMA's individual and household programs 
and in the DHS's purchase card account. What action has FEMA taken on 
the recommendations to address these weaknesses?
    Response: As noted in the response to question number 13, DHS 
stated that they had amended their purchase card manual in order to 
incorporate suggested changes from our recommendations. They have also 
taken other actions, to include implementing identity and address 
verification on all IHP registrations, implementing controls to prevent 
duplicate IHP registrations using the same social security numbers, and 
implementing a system change to prevent individuals from registering 
for assistance using a Post Office box. However, we have not determined 
if these actions adequately address all our recommendations, nor have 
we performed audit or investigative work to test new controls.

    Question 25.: What DHS components had financial management problems 
before they were merged into the Department and what components have 
them now?
    Response: When DHS was created in March 2003 by merging 22 diverse 
agencies, there were many known financial management weaknesses and 
vulnerabilities in the inherited agencies. For 5 of the agencies that 
transferred to DHS--Customs Service (Customs), Transportation Security 
Administration (TSA), Immigration and Naturalization Service (INS), 
Federal Emergency Management Agency (FEMA), and the Federal Law 
Enforcement Training Center (FLETC)--auditors had reported 30 
reportable conditions, 18 of which were considered material internal 
control weaknesses. Further, of the four component agencies--Customs, 
TSA, INS, and FEMA--that had previously been subject to stand-alone 
audits, all four agencies--systems were found not to be in substantial 
compliance with the requirements of the Federal Financial Management 
Improvement Act of 1996 (FFMIA).
    Some of these components continue to have financial management 
weaknesses today. For example, the Office of Financial Management 
(OFM), U.S. Coast Guard (USCG), TSA, FEMA, Immigration and Customs 
Enforcement (ICE), and the Management Directorate were unable to 
provide sufficient evidence to support account balances presented in 
the financial statements and collectively contributed to the auditors' 
inability to render an opinion. Further, DHS management and three of 
its major components (USCG, TSA, and ICE) were unable to represent that 
the financial statements were presented in conformity with U.S. 
generally accepted accounting principles. USCG was previously part of 
the Department of Transportation and its financial statements had never 
been audited on a stand-alone basis. Those components that attributed 
to material weaknesses in internal control for the area of financial 
management and oversight in fiscal year 2006 were USCG and OFM.

    Question 26.: We understand that FEMA's slow payment process for 
victims during Katrina was the result of poor internal controls and 
information sharing. What steps has the Department taken to resolve 
those problems and what steps remain?
    Response: As noted in the response to question 13 above, FEMA has 
initiated changes that include identity and address verification on all 
IHP registrations, implementing controls to prevent duplicate IHP 
registrations using the same social security numbers, and implementing 
a system change to prevent individuals from registering for assistance 
using a Post Office box. If implemented and tested prior to a disaster, 
effective internal controls over IHP registrations should not delay 
providing assistance to individuals quickly. For example, many address 
and identity validation processes can be accomplished almost 
instantaneously and thus would not delay FEMA's response.

    Question 27.: What are you currently showing as DHS's applications 
backlog? Please separately provide the backlog for applications that 
are pending for security background clearance checks.
    Response: As of January 2007, DHS' U.S. Citizenship and Immigration 
Services (USCIS) had about 3.4 million applications pending 
adjudication. However, as defined by USCIS, its backlog of applications 
constitutes only a portion of the inventory of all pending 
applications. The Immigration Services and Infrastructure Improvements 
Act defines backlog as the number of applications that have been 
pending more than 6 months. However, USCIS' data systems cannot track 
the number of applications that have been pending for more than 6 
months. As a proxy, USCIS generally defines backlog as the number of 
pending applications minus the number of applications received during 
the last 6 months. USCIS also eliminates from its backlog estimate 
applications for which an immigration benefit cannot be granted for 
reasons outside of its control. For example, USCIS does not count 
applications in which the State Department cannot grant a visa because 
a visa allotment is not available and where USCIS is waiting for the 
results of FBI name checks or additional information from the 
applicant. In addition, USCIS does not include certain asylum 
applications in its backlog count. Using USCIS' method for calculating 
its backlog as described above, DHS reported that as of September 2006 
its backlog had been eliminated. However, USCIS did acknowledge that 
there were some applications that have been pending more than 6 months. 
While we do not have any current information on the status of 
applications awaiting security background clearance checks, as of 
September 2006, USCIS reported about 157,000 applications were awaiting 
the results of FBI name checks.

    Question 28.: Are efforts being made to determine whether FEMA's 
revamped systems will work in an actual disaster? For example, have 
there been dry runs or other simulations?
    Response: FEMA has conducted regional tabletop exercises for the 
2006 hurricane season designed to improve understanding of federal, 
state, and private-sector capabilities and expectations, including 
those for evacuation and mass care. FEMA also plans to conduct regional 
hurricane preparedness exercises prior to 2007 hurricane season. The 
2006 exercises did not test the actual deployment and use of new 
communications equipment, surveillance teams, and other changes that 
FEMA has developed since Katrina.
    FEMA has tested some of its newly developed capabilities in some 
recent, smaller disasters, such as Hurricane Ernesto in 2006 and the 
storms that recently wreaked destruction in the Southeast. However, to 
our knowledge, FEMA has not conducted any exercises that have 
realistically tested its newly developed capabilities in a 
realistically simulated major disaster.
    Under the Post-Katrina Reform Act, enacted in October 2006, FEMA is 
to carry out a national training program to implement, and a national 
exercise program to test and evaluate the National Preparedness Goal, 
National Incident Management System, and the National Response Plan and 
other related plans and strategies. Such training and exercises could 
provide FEMA an opportunity to realistic test and evaluate the 
improvements it is working to implement.

    Question 29.: Does DHS have sufficient resources to deal with the 
immigration applications if we were to have a temporary guest worker 
program?
    Response: In all likelihood, DHS would need additional resources to 
implement a temporary guest worker program. According to one study, of 
the estimated 11 million undocumented aliens in the United States in 
2005, about 7 million were working. Assuming all or most of the 7 
million apply for a temporary worker program, this number of applicants 
would be more than the 6.7 million applications for all immigration 
benefits USCIS completed in fiscal year 2006--in effect doubling 
USCIS's workload. As it has done in the past, USCIS could hire 
temporary adjudicators to deal with the expected surge in applications. 
Under the law, immigration benefit application fees are to be set to 
recover the full cost of providing immigration benefits.

    Question 30.: We understand that FEMA's slow payment process for 
victims during Katrina was the result of poor internal controls and 
information sharing. What steps has the Department taken to resolve 
those problems and what steps remain?
    Response: As noted in the response to question 13 above, FEMA has 
initiated changes that include identity and address verification on all 
IHP registrations, implementing controls to prevent duplicate IHP 
registrations using the same social security numbers, and implementing 
a system change to prevent individuals from registering for assistance 
using a Post Office box. If implemented and tested prior to a disaster, 
effective internal controls over IHP registrations should not delay 
providing assistance to individuals quickly. For example, many address 
and identity validation processes can be accomplished almost 
instantaneously and thus would not delay FEMA's response.

  Questions from the Honorable Peter T. King, Ranking Minority Member

    Question 31.: Mr. Walker, you have said that the Department of 
Homeland Security and the Department of Defense each should establish a 
new Deputy Secretary position specifically to focus on management and 
transformation. You also advocated that this position should be filled 
by longer-term executives to provide for greater continuity within the 
departments.
        A. What is your rationale for creating a new Deputy Secretary 
        position?
        B. Why not simply augment the authorities of the existing Under 
        Secretary for Management within DHS?
        C. Wouldn't a new Deputy Secretary be another layer of 
        bureaucracy which would overlap the role of the existing Deputy 
        Secretary at DHS and create confusion within the organization?
        D. Wouldn't a longer-term executive serving in this new 
        position create inherent conflict with changes in leadership of 
        the Department?
    Response: A. DHS faces enormous management and organizational 
transformation challenges as it continues to simultaneously establish 
itself, integrate numerous entities and systems, and protect the nation 
from terrorism. Success would not simply result in a collection of 
components in a new department, but the transformation of the various 
programs and missions into a high-performing, focused organization.\20\ 
However, the size, complexity, and importance of DHS's mission make the 
challenges involved especially daunting. As DHS and other agencies 
across the federal government embark on large-scale organizational 
change initiatives in order to address 21st century challenges, there 
is a compelling need for a single organizational focus on key 
management functions, such as human capital, financial management, 
information technology, and acquisition management, as well as for 
selected transformation initiatives within the department or agency. A 
Chief Operating Officer (COO)/Chief Management Officer (CMO) or similar 
position may effectively provide the continuing, focused attention 
essential to successfully completing these multiyear 
transformations.\21\
---------------------------------------------------------------------------
    \20\ GAO, Highlights of a GAO Forum on High-Performing 
Organizations: Metrics, Means, and Mechanisms for Achieving High 
Performance in the 21st Century Public Management Environment, GAO-04-
343SP (Washington, D.C.: Feb. 13, 2004).
    \21\ GAO, Highlights of a GAO Roundtable: The Chief Operating 
Officer Concept: A Potential Strategy to Address Federal Governance 
Challenges, GAO-03-192SP (Washington, D.C.: Oct. 4, 2002).
---------------------------------------------------------------------------
    Establishing a COO/CMO position at DHS--with, importantly, the 
appropriate level of responsibility and authority--could enable the 
department to address the following.
         Elevate attention on management issues and 
        transformational change. Top leadership attention is essential 
        to overcome organizations' natural resistance to change, 
        marshal the resources needed to implement change, and build and 
        maintain the organizationwide commitment to new ways of doing 
        business. We have previously reported that building an 
        effective DHS will require consistent and sustained leadership 
        from top management to ensure the needed transformation of 
        disparate agencies, programs, and missions into an integrated 
        organization.\22\
---------------------------------------------------------------------------
    \22\ For example, see GAO-05-139, GAO-04-876R, and GAO-03-102.
---------------------------------------------------------------------------
         Integrate various key management and transformation 
        efforts. The federal government often places management 
        responsibilities, such as information technology, human 
        capital, or financial management, into ``stovepipes'' and fails 
        to design and implement organizational transformation efforts 
        in a comprehensive, ongoing, and integrated manner. There needs 
        to be a single point within agencies with the perspective and 
        responsibility--as well as authority--to ensure the successful 
        implementation of functional management and, if appropriate, 
        transformation efforts.\23\
---------------------------------------------------------------------------
    \23\ GAO, Chief Operating Officer Concept at DHS, GAO-04-876R 
(Washington, D.C.: June 28, 2004).
---------------------------------------------------------------------------
         Institutionalize accountability for addressing 
        management issues and leading transformational change. 
        Management weaknesses in some agencies are deeply entrenched 
        and longstanding and will take years of sustained attention and 
        continuity to resolve. In our previous work, we have noted that 
        the experiences of successful transformation initiatives in 
        large private and public sector organizations suggest that it 
        can often take at least 5 to 7 years until such initiatives are 
        fully implemented and the related cultures are transformed in a 
        sustainable manner.\24\ In the federal government, the frequent 
        turnover of the political leadership has often made it 
        extremely difficult to obtain the sustained attention required 
        to make needed changes.
---------------------------------------------------------------------------
    \24\ GAO, Highlights of a GAO Forum: Mergers and Transformation: 
Lessons Learned for a Department of Homeland Security and Other Federal 
Agencies, GAO-03-293SP (Washington, D.C.: Nov. 14, 2002).
---------------------------------------------------------------------------
    B. As currently structured, the roles and responsibilities of the 
Under Secretary for Management at DHS contain some of the 
characteristics of a COO/CMO position, such as elevating, integrating, 
and institutionalizing responsibility for key functional management 
initiatives. However, we have previously raised the issue of whether or 
not the Under Secretary has sufficient authority to direct, and make 
trade-off decisions for the management integration initiatives and the 
institutionalization of them across the department.\25\ We have also 
suggested that the Congress continue to closely monitor whether 
additional leadership authorities are needed for the Under Secretary, 
or whether a revised organizational arrangement is needed to fully 
capture the roles and responsibilities of a COO/CMO position, including 
a performance agreement and term limit.\26\
---------------------------------------------------------------------------
    \25\ GAO-05-139.
    \26\ GAO-05-139.
---------------------------------------------------------------------------
    C.T1 As we have previously reported, the establishment of a COO/CMO 
position needs to be considered carefully with regard to existing 
positions and responsibilities so that it does not result in 
unnecessary ``layering'' in a department or agency.\27\ Under this 
concept, the COO/CMO provides a single organizational focus for key 
management functions and change efforts. If the current Under Secretary 
for Management position at DHS were elevated to a Deputy Secretary for 
Management position, the incumbent would continue to be responsible for 
coordinating and integrating key management functions, such as human 
capital, financial management, information, technology, and acquisition 
management, as well as selected transformation initiatives within the 
department. The existing DHS Deputy Secretary position would then have 
responsibility and authority for all mission-related components of the 
department and the programmatic policies and operations of those 
components.
---------------------------------------------------------------------------
    \27\ GAO-04-876R.
---------------------------------------------------------------------------
    Given the competing demands on deputy secretaries in executive 
branch departments across the government to help execute the 
President's policy and program agendas, it is not practical to expect 
that they will be able to consistently undertake this vital integrating 
responsibility. Moreover, while many deputy secretaries may be 
nominated based in part on their managerial experience, it has not 
always been the case, and not surprisingly, the management skills, 
expertise, and interests of the deputy secretaries have always varied 
and will continue to vary. As a result of short-term priorities and 
other demands on the time of agency heads and their deputies, they 
generally do not have the ability to focus enough dedicated attention 
to management issues. Furthermore, top officials in the public sector 
are typically political appointees who do not stay in their positions 
long enough to effectively address key transformation initiatives.
    D. In our prior work, we have concluded that sustained leadership 
drives high-performing organizations to achieve results.\28\ A long-
term executive, such as a COO/CMO, could provide the continued focused 
attention essential to completing organizational transformation 
regardless of continual changes of the leadership in federal agencies. 
High turnover among politically appointed leaders can make it difficult 
to follow through with organizational transformation because the 5 to 7 
years often needed to complete a transformation can easily outlast the 
tenures of top political appointees.\29\ Given the continual turnover 
in the leadership of federal agencies, it is particularly important for 
appointees and senior career civil servants to develop good working 
relationships from the beginning. People are the primary resource of 
high-performing organizations and they need to be fully engaged for the 
organization to achieve its mission and strategic goals and to 
transform successfully.
---------------------------------------------------------------------------
    \28\ GAO-04-343SP.
    \29\ GAO, Results Oriented Cultures: Creating a Clear Linkage 
Between Individual Performance and Organizational Success, GAO-03-488 
(Washington, D.C.: Mar. 14, 2003).
---------------------------------------------------------------------------

      Questions for the Record from the Honorable Marsha Blackburn

    Question 32.: What is CIS's current backlog?
         Does CIS count as a part of their backlog any 
        applications pending for security background checks or any that 
        are waiting for action from another agency?
         If these were counted, what would be your estimate of 
        CIS's backlog?
         In your opinion, does CIS have sufficient resources to 
        process more immigration applications if a temporary guest 
        worker program was implemented?
         What types of risks would this type of program 
        generate?
    Response: As we noted in our response to question 27, as of January 
2007, USCIS had about 3.4 million applications pending adjudication. 
However, USCIS considers only a portion of its pending applications 
when computing its backlog and does exclude applications for which an 
immigration benefit cannot be granted for reasons outside of its 
control, such as applications where a visa is not yet available or 
where USCIS is waiting for results of FBI name checks or additional 
information from the applicant. Using USCIS' method for calculating its 
backlog, DHS reported that as of September 2006 USCIS' backlog had been 
eliminated. As we noted in our response to question 29, in all 
likelihood, DHS would need additional resources to implement a 
temporary guest worker program.
    While it is difficult to predict what types of risks this type of 
program could generate, results from some of our recent work may shed 
some light on potential risks and challenges. In September 2006 we 
reported on selected other countries' experience with foreign workers. 
Experts and government officials noted that it was difficult to 
successfully ensure foreign workers' on temporary work permits return 
to their home countries, and as a result, countries we studied 
estimated that a significant number of immigrants overstayed their work 
permits, thus lapsing into illegal status. In addition, experts 
suggested that temporary foreign worker programs or other initiatives 
that increase the number of foreign workers legally admitted do not 
help reduce illegal immigration flows but rather help increase 
immigrant populations in receiving countries, which may encourage 
further legal and illegal immigration flows. There is a risk that 
individuals may fraudulently obtain a benefit under a temporary worker 
program. In March 2006, we reported that immigration benefit fraud was 
an ongoing and serious problem, accomplished by applicants submitting 
fraudulent documents and sometimes facilitated by white collar and 
other criminals. USCIS has not yet implemented some aspects of internal 
control standards that could further enhance its ability to detect 
fraud, such as providing adjudicators with the tools needed to better 
detect fraud and performance goals to measure its benefit fraud 
activities. In addition, although best practices advise that a credible 
sanctions program is an integral part of fraud control, DHS did not 
have a strategy for sanctioning those that commit fraud, limiting its 
ability to project a convincing message that those who commit fraud 
face a credible threat of punishment. Lastly, as was the case in 1986 
when application processing resources were diverted to implement the 
Immigration Reform and Control Act's legalization program, there is a 
risk that application backlogs for other immigration benefits could 
build because USCIS may have to divert resources to implement any new 
temporary worker program.

    Question 33.: Mr. Walker, DHS has implemented many requirements of 
GPRA. What other requirements do they still need to meet?
    Response: The Government Performance and Results Act (GPRA) 
requires that agency strategic plans be updated at least every 3 years. 
DHS has not yet updated its first strategic plan, which was released in 
February 2004. In 2005, we reported that DHS's strategic plan does not 
meet the GPRA-required element to describe the relationship between 
annual and long-term goals, but does address the other five GPRA-
required elements--a mission statement, long-term goals, strategies to 
achieve the goals, external key factors, and program evaluations.\30\ 
The linkage between annual and long-term goals is crucial for 
determining whether an agency has a clear sense of how it will assess 
progress toward achieving the intended results of its long-term goals. 
DHS officials said that because of the limited time available to create 
the strategic plan, they decided not to include a discussion of annual 
performance goals in order to achieve broad consensus among agency 
components on DHS's mission and long-term strategic goals and 
objectives. We recommended that DHS's next strategic plan include such 
a description. In addition, we recommended that DHS's next strategic 
plan further develop the GPRA-required elements addressed in its first 
strategic plan by adopting additional good strategic planning 
practices, including a timeline for achieving long-term goals; a 
description of the specific budgetary, human capital, and other 
resources need to achieve those goals; a schedule of program 
evaluations planned; and a discussion of strategies to ameliorate the 
effect of any key external factors. DHS agreed with these 
recommendations. DHS has also developed annual performance plans and 
performance reports as required by GPRA, but we have not evaluated 
whether these documents meet GPRA requirements.
---------------------------------------------------------------------------
    \30\ GAO, Results Oriented Government: Improvements to DHS's 
Planning Process Would Enhance Usefulness and Accountability, GAO-05-
300 (Washington, D.C.: Mar. 31, 2005).

    Question 34.: What does DHS need to do to be in full compliance 
with FFMIA?
    Response: DHS needs to address its material weaknesses in internal 
control and other reportable conditions reported by its independent 
auditor that contributed to the department's non-compliance with the 
Federal Financial Management Improvement Act of 1996 (FFMIA). For 
example, DHS should conduct an assessment of its current financial 
reporting process, with the goal of reducing complexity, implementing 
appropriate internal controls, improving financial systems integration 
and automating manual processes. FFMIA requires that agencies covered 
by the Chief Financial Officers Act of 1990 implement and maintain 
financial management systems that comply substantially with (1) federal 
financial management system requirements, (2) applicable federal 
accounting standards, and (3) the U.S. Government Standard General 
Ledger at the transaction level. FFMIA emphasizes the need for agencies 
to have systems that can generate timely, reliable, and useful 
information with which to make informed decisions to ensure ongoing 
accountability. According to its independent auditor, DHS and each 
significant component of the department did not fully comply with at 
least one of the requirements of FFMIA in fiscal year 2006. Until DHS 
addresses the related material weaknesses in internal control and other 
reportable conditions, the department will not be compliant with FFMIA.

    Question 35.: Does DHS have an adequate plan that streamlines 
coordination between FEMA and state and local governments?
    Response: While the National Response Plan discusses the roles and 
responsibilities of Federal, state, and local organizations in support 
of domestic incident management, we have not evaluated the extent to 
which the National Response Plan or other plans streamline coordination 
between FEMA and state and local governments. We are currently 
conducting a review of how states collaborate with each other--as well 
as with key federal players such as FEMA--to efficiently deploy state, 
local, and other resources across state lines in response to disasters 
through the Emergency Management Assistance Compact. This work is being 
conducted at the request of the Senate Committee on Homeland Security 
and Governmental Affairs and we expect to issue our report later this 
year, at which time we would be happy to share our findings with this 
Committee.

    Question 36.: How many procurement staff are needed to oversee 
major acquisition projects?
    Response: The number of procurement staff needed to oversee major 
acquisition projects generally varies based on the complexity and size 
for individual projects. Procurement and program management staff are 
involved in oversight activities. DHS' workforce plan for fiscal years 
2005--2008 includes a description of initiatives to certify and train 
acquisition workforce professionals including contracting officers, 
contracting officers' technical representatives, and program managers. 
In September 2006, DHS reported on plans for increased staffing of the 
eight component contracting offices and plans to initiate a program 
manager needs assessment in the near future.

    Question 37.: Who is the primary overseer of Coast Guard 
acquisitions and Deepwater vessel designs?
    Response: The Coast Guard is responsible for establishing, updating 
and managing system operational requirements; responding to mission 
demand and environment changes; and operating the system for the 
Deepwater program. As the systems integrator, Integrated Coast Guard 
Systems (ICGS) is responsible for designing and constructing the 
system, developing associated concepts of operations and logistics 
support plans, and delivering an Integrated Deepwater System that meets 
system performance requirements. The Coast Guard and ICGS both have 
responsibilities in managing the Deepwater acquisition. Central to the 
management structure of the Deepwater program are Integrated Product 
Teams (IPTs). IPTs are comprised of Coast Guard and ICGS members, 
including subcontractors, who work collaboratively to accomplish a 
specific objective within the acquisition program. The IPTs are ICGS-
led.\31\ IPTs serve as the Coast Guard's primary tool for managing the 
program and overseeing the system integrator. We have reported that 
IPTs have struggled to accomplish their mission.
---------------------------------------------------------------------------
    \31\ Joint IPTs are ICGS-led with the exception of the Program 
Management Team, which is co-chaired, and the Test and Evaluation IPT 
which is Coast Guard led.
---------------------------------------------------------------------------
    More broadly, the proper role of contractors in providing services 
to the government is currently the topic of some debate. I believe 
there is a need to focus greater attention on what type of functions 
and activities should be contracted out and which ones should not. 
There is also a need to review the current independence and conflict of 
interest rules relating to contractors. Finally, there is a need to 
identify the factors that prompt the government to use contractors in 
circumstances where the proper choice might be the use of civil 
servants or military personnel. Possible factors could include 
inadequate force structure, outdated or inadequate hiring policies, 
classification and compensation approaches, and inadequate numbers of 
full-time equivalent slots.

    Question 38.: Besides the lack of procurement staff to conduct 
oversight, what other factors have caused problems in these areas?
    Response: Since it was established in March 2003, DHS has been 
faced with assembling 22 separate federal agencies and organizations 
with multiple missions, values, and cultures into one cabinet-level 
department. This mammoth task--one of the biggest mergers ever to take 
place within the federal government--involves a variety of 
transformational efforts, one of which is to design and implement the 
necessary management structure and processes for acquiring goods and 
services. To a great extent, the various acquisition organizations 
within the department are still operating in a disparate manner, with 
oversight of acquisition activities left primarily up to each 
individual organization. DHS' progress in creating a unified 
acquisition organization has been slowed by policy decisions that 
create ambiguity. An October 2004 management directive emphasizes the 
need for a unified, integrated acquisition organization but relies on a 
system of dual accountability between the Chief Procurement Officer and 
the heads of the department's organizations to make this happen. The 
Chief Procurement Officer has been delegated the responsibility to 
manage, administer, and oversee all acquisition activity across DHS, 
but in practice enforcement of these activities is spread throughout 
the department with unclear accountability. Further, the directive 
states that the U.S. Coast Guard and U.S. Secret Service are 
statutorily exempt from its application. Although the Homeland Security 
Act provides that both the Coast Guard and the Secret Service shall be 
maintained as distinct entities within the department, we found no 
reasonable basis to conclude that the directive could not be made 
applicable to them. Rather, it appears to be a policy decision that is 
likely to hamper efforts to effectively integrate the acquisition 
function in DHS.

    Question 39.: What would be your recommendations on systems that 
DHS should implement to prevent waste, fraud, and abuse?
    Response: GAO has made numerous specific recommendations to FEMA 
and DHS aimed at improving systems, processes, and internal controls 
over the IHP and purchase card programs. In addition, GAO testified on 
July 12, 2006 on the elements of a basic framework for fraud 
prevention, detection, and prosecution related to individual disaster 
assistance programs, and testified again on January 29, 2007 on fraud 
prevention as part of the hurricane recovery effort. If DHS and FEMA 
were to implement our specific recommendations and develop a 
comprehensive fraud prevention framework as outlined in our 
testimonies, DHS and FEMA should be in a position to effectively 
minimize the risk for fraud, waste, and abuse within the purchase card 
and individual assistance programs.

                                 
