[Senate Hearing 114-632]
[From the U.S. Government Publishing Office]


                                                        S. Hrg. 114-632

                 DHS MANAGEMENT AND ACQUISITION REFORM

=======================================================================

                                 HEARING

                               BEFORE THE

                              COMMITTEE ON
               HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS
                          UNITED STATES SENATE

                    ONE HUNDRED FOURTEENTH CONGRESS


                             SECOND SESSION

                               __________

                             MARCH 16, 2016

                               __________

        Available via the World Wide Web: http://www.fdsys.gov/

                       Printed for the use of the
        Committee on Homeland Security and Governmental Affairs
        
        
        
[GRAPHIC NOT AVAILABLE IN TIFF FORMAT]



                               __________
                               

                    U.S. GOVERNMENT PUBLISHING OFFICE                    
22-769 PDF                  WASHINGTON : 2017                     
          
----------------------------------------------------------------------------------------
For sale by the Superintendent of Documents, U.S. Government Publishing Office, 
http://bookstore.gpo.gov. For more information, contact the GPO Customer Contact Center, 
U.S. Government Publishing Office. Phone 202-512-1800, or 866-512-1800 (toll-free). 
E-mail, [email protected]. 

        
        

        COMMITTEE ON HOMELAND SECURITY AND GOVERNMENTAL AFFAIRS

                    RON JOHNSON, Wisconsin Chairman
JOHN McCAIN, Arizona                 THOMAS R. CARPER, Delaware
ROB PORTMAN, Ohio                    CLAIRE McCASKILL, Missouri
RAND PAUL, Kentucky                  JON TESTER, Montana
JAMES LANKFORD, Oklahoma             TAMMY BALDWIN, Wisconsin
MICHAEL B. ENZI, Wyoming             HEIDI HEITKAMP, North Dakota
KELLY AYOTTE, New Hampshire          CORY A. BOOKER, New Jersey
JONI ERNST, Iowa                     GARY C. PETERS, Michigan
BEN SASSE, Nebraska

                  Christopher R. Hixon, Staff Director
             David S. Luckey, Director of Homeland Security
    Jeffrey A. Fiore, U.S. Government Accountability Office Detailee
              Gabrielle A. Batkin, Minority Staff Director
           John P. Kilvington, Minority Deputy Staff Director
     Stephen R. Vina, Minority Chief Counsel for Homeland Security
    Marian P. Gibson, Minority U.S. Department of Homeland Security 
                                Detailee
Timothy D. McCrosson, Minority Office of Management and Budget Detailee
                     Laura W. Kilbride, Chief Clerk
                   Benjamin C. Grazda, Hearing Clerk
                            
                            
                            C O N T E N T S

                                 ------                                
Opening statements:
                                                                   Page
    Senator Johnson..............................................     1
    Senator Carper...............................................     2
    Senator Lankford.............................................    20
Prepared statements:
    Senator Johnson..............................................    25
    Senator Carper...............................................    26

                                WITNESS
                       Wednesday, March 16, 2016

Hon. Russell C. Deyo, Under Secretary for Management, U.S. 
  Department of Homeland Security................................     4
Hon. Charles H. Fulghum, Deputy Under Secretary for Management 
  and Chief Financial Officer, U.S. Department of Homeland 
  Security.......................................................     7
Hon. John Roth, Inspector General, U.S. Department of Homeland 
  Security.......................................................     9
Rebecca Gambler, Director, Homeland Security and Justice, U.S. 
  Government Accountability Office...............................    10
Michele Mackin, Director, Acquisition and Sourcing Management, 
  U.S. Government Accountability Office..........................    12

                     Alphabetical List of Witnesses

Deyo, Hon. Russell C.:
    Testimony....................................................     4
    Joint prepared statement.....................................    28
Fulghum, Hon. Charles H.:
    Testimony....................................................     7
    Joint prepared statement.....................................    28
Gambler, Rebecca:
    Testimony....................................................    10
    Joint prepared statement.....................................    56
Mackin, Michele:
    Testimony....................................................    12
    Joint prepared statement.....................................    56
Roth, Hon. John:
    Testimony....................................................     9
    Prepared statement...........................................    40

                                APPENDIX

Responses to post-hearing questions for the Record from:
    Mr. Deyo and Mr. Fulghum.....................................    82
    Mr. Roth.....................................................   104
    Ms. Gambler and Ms. Mackin...................................   107

 
 U.S. DEPARTMENT OF HOMELAND SECURITY MANAGEMENT AND ACQUISITION REFORM

                              ----------                              


                       WEDNESDAY, MARCH 16, 2016

                                     U.S. Senate,  
                           Committee on Homeland Security  
                                  and Governmental Affairs,
                                                    Washington, DC.
    The Committee met, pursuant to notice, at 2:00 p.m., in 
room SD-342, Dirksen Senate Office Building, Hon. Ron Johnson, 
Chairman of the Committee, presiding.
    Present: Senators Johnson, Lankford, Ayotte, Ernst, Sasse, 
Carper, Booker, and Peters.

             OPENING STATEMENT OF CHAIRMAN JOHNSON

    Chairman Johnson. This hearing will come to order.
    I want to thank all of our witnesses for appearing before 
us today, for your thoughtful testimony, and for your time here 
today.
    Unfortunately, I am going to have to leave at a little bit 
before 3:00. We will probably turn it over to the capable hands 
of my Ranking Member here.
    Senator Carper. I object. [Laughter.]
    Chairman Johnson. Well, then we have a problem.
    Senator Carper. OK. I do not object.
    Chairman Johnson. This is an important hearing. We have 
been working on this project for about a year in a bicameral, 
and I think, a very bipartisan way. We have been working with 
the House Committee on Homeland Security, this Committee, the 
Department of Homeland Security (DHS), and the Government 
Accountability Office (GAO) really trying to address many of 
the problems that GAO has recognized in its ``High-Risk List,'' 
trying to authorize and put into statute the types of 
management reforms that the good folks, the dedicated people, 
at the Department of Homeland Security are trying to implement 
to pass on a stronger Department to the next Administration--
which we really appreciate that. So, I do not want to take a 
whole lot of time in my opening statement. I just want to 
really encourage that process, in terms of DHS management and 
acquisition reform.
    The difference with what we do here in the Senate is--the 
House passed a bill with that combined into one bill. I think, 
just recognizing there may be some issues, we decided to 
separate those 2 into 2 different bills. So, again, we are all 
about getting results here, in this Committee, trying to find 
areas of agreement.
    I do have to note--because yesterday we did hold a hearing 
where we talked about potential problems, in our visa programs, 
and, during that hearing, I did ask questions about a pretty 
troubling incident that occurred at the San Bernardino United 
States Citizenship and Immigration Services (USCIS) office, and 
I asked Director Sarah Saldana and Director Leon Rodriguez 
about that.
    Last night, we learned, shortly after the hearing, that the 
U.S. Immigration and Customs Enforcement (ICE) supervisors are 
seeking information about who provided that information to 
Congress. I am very concerned that ICE's management is seeking 
out those individuals in order to retaliate, or otherwise 
punish them, for providing information to Congress. So, I want 
to make it very clear, today, that our Committee will be 
monitoring this situation very carefully.
    The Federal Government has a very poor record of 
retaliation. We have held numerous hearings about this, and it 
is really quite shocking how often the Federal Government 
retaliates. But, I certainly will not stand for--and I do not 
think this Committee will stand for--any retribution against 
those who had the courage to come forward to reveal this 
incident.
    Federal law expressly protects Federal employees' rights to 
furnish information to Congress--and any form of retaliation 
against Federal employees for furnishing information to 
Congress will not--and should not--be tolerated.
    So, this afternoon, I will be sending a letter to Homeland 
Security Secretary Jeh Johnson about this matter and asking him 
to direct all DHS managers and employees to follow Federal law 
regarding whistleblower protection. And, Inspector General (IG) 
John Roth, I will also be sending a letter to you about this 
matter, formally requesting that you investigate the San 
Bernardino incident.
    With that, I will turn it over to my Ranking Member, 
Senator Carper.

              OPENING STATEMENT OF SENATOR CARPER

    Senator Carper. Thank you. Thank you, Mr. Chairman.
    I want to welcome back Under Secretary Russ Deyo, whom we 
have not seen for almost 24 hours--actually, a little bit 
longer than that--Deputy Under Secretary Chip Fulghum, John 
Roth, our DHS Inspector General, who I think we did see 24 
hours ago, and GAO Directors Rebecca Gambler and Michele 
Mackin. It is nice to see you all. And, thank you, Mr. 
Chairman, for calling this important hearing, and to each of 
you for being here and for helping to guide us and for sharing 
your wisdom with us.
    As the Chairman has alluded to, our oversight, on this 
Committee, is usually focused on the men and women at the 
Department of Homeland Security who are working on the front 
lines at our airports, our land borders, and our coasts. But, 
backing up the Department's front-line personnel is a dedicated 
cadre of professionals in the DHS Management Directorate. The 
Management Directorate controls the Department's finances; it 
oversees the acquisition of assets and the procurement of 
services; it manages the Department's information technology 
(IT) backbone; and it makes sure that all employees get the 
paychecks--the correct paychecks--as well as the benefits and 
salary that they have earned. And, as some of you have heard me 
say before--as my colleagues have heard me say before--
management really does matter. It does matter.
    Our friends from GAO and the DHS Inspector General have 
kept a close eye on the Department's management and acquisition 
practices. We are grateful for that. And, as their testimony 
indicates, there have been a number of challenges in these 
areas since the Department's creation about 13 years ago. And, 
the management of the Department, of course, continues to be on 
GAO's ``High-Risk List,'' as Secretary Johnson continues his 
predecessors' efforts to merge nearly 2 dozen agencies that 
were once spread across the entire Federal Government.
    Despite the massive undertaking of stitching together so 
many agencies with different missions and different cultures, 
we have seen a number of management successes at the Department 
over the years. We celebrate those. In fact, I was very pleased 
to hear--we were very pleased to hear that the Department has 
just taken another step toward getting off of the ``High-Risk 
List'' by improving the monitoring of its key management 
initiatives. And, that is definitely good news--and Secretary 
Johnson and his team deserve to be commended--and we commend 
you.
    But, as the Inspector General has noted before, addressing 
the Department's long-term management challenges requires a 
commitment to building--and sustaining--I will say that again--
a commitment to building and sustaining a culture that 
recognizes the need to act in a more unified, inclusive, and 
transparent manner. And, I could not agree more. That is why I 
strongly support Secretary Johnson's ``Unity of Effort 
Initiative,'' which seeks to create more cohesion and 
efficiency across the Department by standing up joint 
operations.
    Last week, Secretary Jeh Johnson sat right here in front of 
us and told our Committee that he would like to see his 
management initiatives codified in law, so that the 
improvements he and his team are making can be sustained and 
made even stronger by the next Administration. I think that 
makes a lot of sense, and it is why I have joined our Chairman 
in cosponsoring two pieces of legislation that would seek to 
make permanent many of the management reforms that the 
Department has already instituted. In some cases, our 
legislation provides new authority or requirements. For 
example, the DHS management bill provides headquarters 
officials with additional authority that they can use to better 
oversee the activities of the components. It would also require 
DHS to report to GAO every 6 months on the progress being made 
to get off of the ``High-Risk List.''
    The second bill focuses on improving the acquisition 
processes at the Department. Among other things, this bill 
would, for the first time, designate the Under Secretary for 
Management as the single leader accountable for all DHS 
acquisition programs. It would also vest the Under Secretary 
with the statutory authority to halt, to modify, or to cancel 
acquisition programs that are struggling or are not deemed to 
be viable. And, while I believe these bills provide a solid 
foundation for the Department to continue to mature and grow 
even stronger, I know they are not perfect. And, when something 
is not perfect, we should make it better. And, I look forward 
to working with all of our colleagues on further ways to 
improve these bills.
    In closing, I just want to add I think it is important to 
remember that the Department, at the tender age of 13, is still 
a young organization--a teenager. And, given this fact, it 
needs proper guidance, firm rules, and strong oversight. And, 
that is where these bills and this hearing come into place. By 
working together, we can help give the Department--enable the 
Department, I think, but give them the tools that they need and 
the authorities they need to continue to mature and truly 
become ``One DHS.''
    Thank you, Mr. Chairman. Thank you all. Welcome one and 
all.
    Chairman Johnson. And 13-year-olds can be quite difficult. 
[Laughter.]
    Thank you, Senator Carper.
    I would ask that my opening statement be entered into the 
record.\1\
---------------------------------------------------------------------------
    \1\ The prepared statement of Senator Johnson appears in the 
Appendix on page 25.
---------------------------------------------------------------------------
    With that, it is the tradition of this Committee to swear 
in witnesses, so if you will all rise and raise your right 
hand. Do you swear the testimony you will give before this 
Committee will be the truth, the whole truth, and nothing but 
the truth, so help you, God?
    Mr. Deyo. I do.
    Mr. Fulghum. I do.
    Mr. Roth. I do.
    Ms. Gambler. I do.
    Ms. Mackin. I do.
    Chairman Johnson. Please be seated.
    Our first witness is Mr. Russ Deyo. Mr. Deyo is the Under 
Secretary for Management at the Department of Homeland 
Security. In this position, Mr. Deyo oversees the Department's 
management programs, processes, and workforces. Secretary Deyo.

TESTIMONY OF THE HONORABLE RUSSELL C. DEYO,\2\ UNDER SECRETARY 
      FOR MANAGEMENT, U.S. DEPARTMENT OF HOMELAND SECURITY

    Mr. Deyo. Thank you, Mr. Chairman. It is a pleasure to be 
here. I appreciate that. It is actually an honor to be here at 
this table with the Deputy Under Secretary for Management and 
Chief Financial Officer (CFO) Chip Fulghum. I could not have a 
better partner and leader.
---------------------------------------------------------------------------
    \2\ The joint prepared statement of Hon. Deyo and Hon. Fulghum 
appears in the Appendix on page 28.
---------------------------------------------------------------------------
    I am also very pleased with our working relationship with 
Inspector General Roth and with GAO, including with Ms. Gambler 
and Ms. Mackin. We work at an appropriate arm's length, but 
have a good, collaborative relationship--and it is a pleasure 
to be here.
    Senator Carper. Let the record show that the IG nodded his 
head affirmatively. [Laughter.]
    Mr. Deyo. Thank you for putting that on the record.
    Before I go further, Chairman Johnson, thank you for your 
opening comments. I understand your concerns, and I promise you 
I will personally follow up on this as well. But, I totally 
appreciate and understand your concerns.
    I am going to be brief because we are familiar, but I 
thought I would try to just, at a high level, set the tone and 
the background for what we are seeking to address. The letter 
to me, the invitation, asked us to address 3 things: management 
and acquisition challenges historically faced by DHS, progress 
made in addressing those challenges, and potential reforms for 
outstanding challenges. And, I am going to address each of 
those very briefly, from my perspective--and my perspective, as 
many of you know, is based on my 25 years-plus experience at 
Johnson & Johnson, which, like the Department, is a highly 
decentralized organization with very different companies under 
the broad umbrella of health care. Just as the Federal 
Emergency Management Agency (FEMA) is quite different from ICE, 
Neutrogena, the consumer skin care company, is very different 
from Johnson Pharmaceutical, a research organization. So, I 
have experience in trying to find that right balance between 
when stand-alone entities can work, independently, but when it 
is best for them to work together. And, I have tried to bring 
that experience to bear on what I have seen.
    As you know, I joined the Department last spring, basically 
a year into the Secretary's ``Unity of Effort Initiative,'' 
which was based on some good work that had gone before, but, in 
my judgment, is very close to exactly the right balance between 
independence--Coast Guard acting on its own to deal with people 
lost at sea, but then, when it is appropriate and necessary, 
allowing for strong collaboration across the components to 
achieve our critical mission.
    The ``Unity of Effort'' addresses a number of critical 
areas, as you know, and I will very briefly cover them.
    You have to have a strategy. You have to have a forward-
looking strategy that is reflective of the environment and the 
changing circumstances. Under ``Unity of Effort,'' the Office 
of Policy has that responsibility, working very closely with 
the components to come up with a strategy as well as 
appropriate policy improvements and high-level operational 
directives.
    Then you need senior groups of the leadership so that they 
can be engaged, involved, and have ownership of what is coming. 
So, we have the Senior Leadership Council and the Deputy 
Secretary's Management Action Group, which are very much 
involved in that process.
    Importantly, you need to have mission-focused, cross-
component budgeting, programming, and acquisition processes. 
And, I know that is heavily a tension today. I think we have 
worked hard at improving our acquisition process. A very quick 
example is obviously the Joint Requirements Council (JRC), 
where you have representatives of each component, led by a 
component leader, establishing the requirements. What are the 
needs that we are trying to address in this acquisition? What 
are the capabilities that we are trying to obtain, so that we 
can fulfill our mission responsibilities?
    It does not go forward in the acquisition and process until 
there is alignment and clear definition there. That is a very 
important and huge improvement. And, just to cut a little bit 
to the head of the chase, we have had a JRC in the past, and it 
was not sustainable. It disappeared. What we are trying to do 
here, with the help of your good legislation, is to make sure 
these improvements, at all of these aspects, are sustainable 
and are in place for the next Administration and beyond.
    We also need coordinated operations when the components are 
working together, and that is where the Joint Task Forces 
(JTFs) and the work they are doing on the Southern Border is a 
good example--where components are working together in a common 
leadership structure--sharing data, sharing information, and 
working together to address very important mission-directed 
elements.
    An area that is directly within my area's responsibility is 
coordinated and aligned administrative functions--and you made 
reference to this, Ranking Member Carper. We need strong and 
common finance processes, strong and common IT processes, 
strong and common human resources (HR) processes, and strong 
and common procurement processes. We are getting better at that 
because of the responsibilities of the chiefs of the lines of 
businesses that report to me, the Chief Information Officer 
(CIO), the head of human resources, and Mr. Fulghum, working 
across the components to come up with common approaches, common 
financial systems, and common IT systems--where they are 
collectively addressing what needs to be done to improve those 
systems, replace outmoded ones, and improve our cybersecurity. 
I am seeing it working every day--not that we cannot be better 
and not that we do not need increasing experience, but the 
alignment and the improvements are palpable.
    So, we are working on all fronts to make that better, and 
we will continue to improve. So, from my perspective, the 
``Unity of Effort'' is a big improvement--the right balance of 
independence--and collaboration. And, the legislation that is 
being considered--the 2 pieces of legislation--will go a long 
way to addressing what is, now, our biggest management issue, 
which is making it sustainable.
    And, in that regard, I will also note that some added 
benefits of the legislation are that it makes accountability 
clear, it has great transparency to you and to the American 
public, and, as you well know, it adopts and codifies many of 
the recommendations from the Inspector General and from GAO 
about how we should be operating. And, we embrace that. We 
accept that. We accept the accountability. We accept the 
recommendations that will make us better at what we are doing. 
And, making it sustainable will have a huge benefit for us--a 
huge benefit for us, so people do not have to redo, rethink, or 
restart.
    We need more experience. We will get better and better as 
we do more of these. We are well underway. Things are working. 
But, we just need to make it sustainable, and we will continue 
to improve it, as we go forward.
    So, unless there are any questions for me at this point, I 
would like to turn it over to Mr. Fulghum. I will note this: 
Before I arrived at DHS, he was the Acting Under Secretary for 
Management. His leadership has made a huge difference under the 
``Unity of Effort.'' He started huge improvements with our 
approach to appropriations--excuse me, acquisitions----
    Senator Carper. How do you say--how huge? Like really huge?
    Chairman Johnson. With a ``Y.''
    Mr. Deyo. To be candid, we have a great partnership, and I 
do not think we would--it is great to have somebody who is 
inside and familiar. I bring an outside perspective. We have 
very candid conversations. But, I have seen the impact of what 
he has done, personally, with his leadership, in getting us 
closer to a common financial system, improving our budgeting 
process, becoming mission-focused, and working on the 
acquisition piece. So, if you agree, I will ask Mr. Fulghum----
    Chairman Johnson. Let me introduce him--but, first of all, 
thank you, Secretary Deyo. I think we have been very impressed 
with your contribution to this as well.
    Mr. Deyo. Thank you.
    Chairman Johnson. We are really thankful that you were able 
to come into government, not a real thank-filled job in many 
cases here.
    Mr. Deyo. Not every day.
    Chairman Johnson. But, we appreciate your service.
    Our next witness is ``Chip'' Fulghum, the Deputy Under 
Secretary for Management and Chief Financial Officer at the 
Department of Homeland Security. Mr. Fulghum leads several 
lines of businesses across the Department, including financial, 
human capital, and information technology management. Mr. 
Fulghum.

TESTIMONY OF THE HONORABLE CHARLES H. FULGHUM,\1\ DEPUTY UNDER 
  SECRETARY FOR MANAGEMENT AND CHIEF FINANCIAL OFFICER, U.S. 
                DEPARTMENT OF HOMELAND SECURITY

    Mr. Fulghum. Good afternoon, sir. Chairman Johnson and 
Ranking Member Carper, thank you for allowing us to be here 
today to discuss this important topic. And, thank you to both 
the IG and GAO for their continued partnership. I refer to 
them--and they have heard me say this before--as our ``personal 
trainers.'' We might not like it when we are going through the 
exercise, but they make us better and they put us through our 
paces.
---------------------------------------------------------------------------
    \1\ The joint prepared statement of Hon. Fulghum and Hon. Deyo 
appears in the Appendix on page 28.
---------------------------------------------------------------------------
    Senator Carper. That is nicer than some of the things they 
have been called. [Laughter.]
    Mr. Fulghum. So, when I arrived at the Department in 2012, 
I saw many of the same challenges that had been well documented 
by GAO, the IG, and the Congress. And, when you look at those 
recommendations, they really center around 4 areas, as it 
relates to acquisition.
    First, is better documentation--and, in some cases, getting 
documentation as well as an improved requirements and 
definition process. They have recommended that we need focused 
oversight from the Department. We need better program managers 
that are certified. We need component acquisition executives 
that have clear accountability and whose offices are staffed 
properly. And, then they have repeatedly talked to us about a 
better linkage with science and technology (S&T), research and 
development (R&D), as well as test and evaluation.
    Over the past 2 years, I believe we have made substantial 
progress--and I would like to briefly highlight some of that.
    Since 2012, no program has moved forward in the Department 
without the required documentation. All programs now have the 
required documentation, which includes a life-cycle cost 
estimate. As Mr. Deyo said, we have stood up an operator-
focused Joint Requirements Council--and I want to underscore 
that--an operator-focused Joint Requirements Council. And, the 
first chairman of that Joint Requirements Council was a two-
star admiral operator--to give us the right operational focus 
to make sure that we get the requirements right up front.
    We have made the tough calls when it comes to programs. We 
have canceled programs and we have paused programs, with the 
goal--the simple goal--of making sure we get it right--making 
sure that we deliver the right capability to the operator.
    We have elevated the Component Acquisition Executives 
(CAEs) into components, and there is now a clear relationship 
between the CAE and the Chief Acquisition Officer (CAO) in the 
Department. We have required certification of program managers 
and we have addressed staffing shortfalls in various programs.
    We have improved our training. I believe the Homeland 
Security Acquisition Institute (HSAI) that Soraya Correa runs--
our Chief Procurement Officer (CPO) runs--is an excellent 
program. It turns out we train about 8,000 folks a year in 
various courses. That is excellent--and we continue to improve 
that.
    And then, in terms of affordability, we require 
certifications now from the CFO in terms--the component CFO, 
when every program moves forward at a major milestone, they 
have to provide us with an affordability certification for the 
next 5 years.
    We have moved cost estimating to where I believe it 
belongs, which is with the Chief Financial Officer--and we are 
continuing to build that capability. And, as I said, now every 
program has a life-cycle cost estimate--every major program.
    We have better integration with S&T under the leadership of 
Mr. Deyo. We continue to build that partnership with S&T 
because they are a valued partner, especially at the front end 
of an acquisition.
    In short, all of these results culminate in years of work 
to reform acquisition in the Department--and this bill will 
drive us to sustainment. As I believe you said to us the other 
day, Senator Johnson, you said, ``OK, here is the bill. Now we 
have to see you do it.'' It increases accountability, it 
increases transparency, it increases efficiency, and it 
codifies the progress we have made. As our Secretary likes to 
say, it pours concrete over the hard work that the men and 
women in management have done.
    So, in short, under the leadership of Mr. Deyo, we have 
made huge progress over the last year. I believe we will 
continue to make progress. This legislation is important to the 
Department because, as I said, it codifies much of the progress 
we have made and it holds us accountable to ensure that we 
sustain it, which is key to getting off of the ``High-Risk 
List.''
    So, with that, I welcome any questions you have at this 
time.
    Chairman Johnson. Thank you, Secretary Fulghum.
    Our next witness is John Roth. He is the Inspector General 
at the Department of Homeland Security. In this position, Mr. 
Roth leads the Office of Inspector General's (OIG's) 
independent audits, investigations, and inspections of the 
programs and operations of DHS. Inspector General Roth.

  TESTIMONY OF THE HONORABLE JOHN ROTH,\1\ INSPECTOR GENERAL, 
              U.S. DEPARTMENT OF HOMELAND SECURITY

    Mr. Roth. Good afternoon, Chairman Johnson, Ranking Member 
Carper, and Members of the Committee. Thank you for inviting me 
here to discuss critical management and acquisition functions 
at DHS.
---------------------------------------------------------------------------
    \1\ The prepared statement of Hon. Roth appears in the Appendix on 
page 40.
---------------------------------------------------------------------------
    Acquisition management, which is critical to fulfilling the 
DHS functions or missions, is inherently complex and high risk. 
It is further challenged by the magnitude and the diversity of 
the Department's procurements. Since its inception in 2003, the 
Department has spent tens of billions of dollars, annually, on 
a broad range of assets and services--from ships, to aircraft, 
to surveillance towers, to financial, human resource, and 
information technology systems. DHS's yearly spending on 
contractual services and supplies, along with the acquisition 
of assets, exceeds $25 billion. Although the Department has 
improved its acquisition processes and taken steps to 
strengthen oversight of major acquisition programs, challenges 
to cost effectiveness and efficiency remain.
    DHS has taken many steps to strengthen department-wide 
acquisition management.
    For example, it has established the Acquisition Life Cycle 
Framework--a four-phase process to assure consistent and 
efficient operation of acquisition management, support, review, 
and approval.
    Second, it created the Office of Program Accountability and 
Risk Management (PARM) in 2011. This office oversees the 
acquisition work of the Department and its components as well 
as enforces DHS policies and procedures.
    Third, it established an Acquisition Review Board (ARB), 
which determines whether or not the components' acquisitions 
meet specific requirements at key phases throughout the 
acquisition process.
    Fourth, DHS established a Joint Requirements Council to 
review high-dollar acquisitions and make recommendations to the 
Acquisition Review Board on cross-cutting savings 
opportunities.
    Lastly, it has increased component-level acquisition 
capability. For instance, the Department has appointed 
component acquisition executives to oversee and support their 
respective programs. It has also initiated various training and 
information-sharing programs within the components themselves.
    Although DHS has made much progress, we do not believe it 
has yet achieved the cohesion and sense of community to act as 
one entity working towards a common goal. The Department 
continues to face challenges establishing and enforcing a 
strong central authority and uniform policies and procedures. 
Many of DHS's major acquisition programs continue to cost more 
than expected, take longer to deploy than planned, and deliver 
less capability than promised.
    We have analyzed the acquisition failures and have 
identified 3 root causes.
    First, components do not always follow departmental 
acquisition guidance, which may lead to cost overruns, missed 
schedules, and mediocre acquisition performance. All of these 
have an effect on budget, security, and efficient use of 
resources.
    Second, components often do not engage in appropriate 
oversight of their own acquisition process. To protect the 
Department's investments, components must properly manage 
assets throughout the life cycle. Our reviews of equipment 
maintenance contracts, for example, revealed that components 
need to improve oversight to ensure contractors provide the 
required services and correct maintenance deficiencies.
    Lastly, DHS needs better data and acquisition management 
tools. Strong management of Department programs requires 
accurate and reliable data, clear and well-communicated 
guidance, and a collaborative and unified environment. We have 
identified cross-cutting programs in which better management, 
oversight, and guidance could have improved transparency, 
effectiveness, and efficiency.
    In the last few years, DHS has initiated significant 
reforms to the acquisition process and has exerted significant 
leadership to gain control over an unruly and wasteful process. 
However, I worry that the significant reforms, if not 
continuously enforced over time, could be undone. We believe 
that the passage of the 2 bills under consideration by this 
Committee, the DHS Headquarters Reform and Improvement Act of 
2016 and the DHS Acquisition Reform and Accountability Act of 
2016, will help DHS solidify the gains made in the discipline, 
accountability, and transparency of acquisition program 
management. These bills codify existing policy and relevant 
offices, provide the necessary authority for key personnel and 
mechanisms within the Department to effectively manage major 
acquisition programs, reinforce the importance of key 
acquisition management practices--such as establishing cost, 
schedule, and capability parameters--and include requirements 
to better identify and address poorly performing acquisition 
programs.
    Mr. Chairman, this concludes my prepared statement. I 
welcome any questions that you or Members of the Committee may 
have.
    Chairman Johnson. Thank you, General Roth.
    Our next witness is Rebecca Gambler. Ms. Gambler is the 
Director of the Homeland Security and Justice team at the U.S. 
Government Accountability Office. Ms. Gambler leads GAO's work 
on DHS management and transformation, border security, and 
immigration. Director Gambler.

 TESTIMONY OF REBECCA GAMBLER,\1\ DIRECTOR, HOMELAND SECURITY 
       AND JUSTICE, U.S. GOVERNMENT ACCOUNTABILITY OFFICE

    Ms. Gambler. Good afternoon, Chairman Johnson, Ranking 
Member Carper, and Members of the Committee. I appreciate the 
opportunity to testify at today's hearing to discuss GAO's work 
on DHS's efforts to strengthen and integrate its management 
functions.
---------------------------------------------------------------------------
    \1\ The joint prepared statement of Ms. Gambler and Ms. Mackin 
appears in the Appendix on page 56.
---------------------------------------------------------------------------
    Since 2003, GAO has issued hundreds of reports addressing 
the range of DHS's mission and management functions. And, we 
have made about 2,400 recommendations to strengthen the 
Department's operations and management, among other things. DHS 
has implemented about 70 percent of these recommendations and 
has actions underway to address others.
    GAO also regularly reports to Congress on government 
operations that we have identified as high risk because of 
their great vulnerability to fraud, waste, abuse, and 
mismanagement--or the need for transformation. In 2003, we 
designated implementing and transforming DHS as high risk 
because DHS had to transform 22 agencies into one Department--
and the failure to address associated risks could have serious 
consequences for U.S. national and economic security. With 
DHS's maturation and evolution, we have narrowed the scope of 
DHS's high-risk area to focus on strengthening management 
functions--and those functions include human capital, 
acquisition, financial, and information technology management.
    GAO has established 5 criteria for removing areas from our 
``High-Risk List.'' Specifically, agencies must have: first, a 
strong commitment to, and top leadership support for, 
addressing the risks; second, an action plan; third, the 
capacity--including people and other resources--to address the 
risks; fourth, a program for monitoring progress; and, fifth, 
demonstrated progress in implementing corrective actions.
    The Department has made progress in meeting our criteria. 
In our 2015 update, we found that DHS had met 2 of our 
criteria--demonstrating leadership commitment and having an 
action plan--and had partially met the other 3 criteria. Since 
our 2015 update, DHS has made additional progress and has now 
also met the criterion of having a framework to monitor 
progress.
    To help the Department in addressing our high-risk 
criteria, GAO and DHS have agreed to 30 actions and outcomes 
across DHS's management functions--and a number of these 
actions and outcomes are consistent with functions and 
responsibilities identified for the Department and its 
management chiefs in the proposed legislation on DHS 
management.
    With regard to the 30 actions and outcomes, DHS has fully, 
or mostly, addressed just more than half of them and has 
partially addressed, or initiated activities to address, the 
others.
    For example, within human capital management, DHS has 
developed and made progress in implementing a human capital 
strategic plan and a workforce planning model. However, DHS has 
considerable work ahead to improve employee morale. DHS has 
also taken steps to assess its various training programs, but 
has faced significant challenges in its efforts to consolidate 
its existing learning management systems.
    Further, within financial management, DHS has received a 
clean audit opinion on its financial statements since fiscal 
year (FY) 2013 and has made progress addressing weaknesses in 
its internal controls over financial reporting. However, the 
remaining material weaknesses reported by auditors continue to 
hamper DHS's ability to establish effective control over 
financial reporting and comply with financial management system 
requirements. My colleague Ms. Mackin will share some more 
specific insights related to DHS acquisition management.
    As I close, I think it is important to note that DHS has 
made progress in addressing those issues that contributed to 
its designation as high risk. While this progress has been 
positive, DHS needs to continue to demonstrate measurable and 
sustainable progress in implementing corrective actions and 
achieving those actions and outcomes that we and the Department 
have identified.
    Efforts by the Department and by Congress, through proposed 
legislation and continued oversight, for example, are important 
to helping ensure that the Department has the people, 
processes, and systems in place to strengthen management 
functions and address remaining challenges. GAO will also 
continue to work constructively with the Department. For 
example, senior GAO and DHS officials have met routinely over 
the past 7 years to discuss the Department's plans and progress 
in addressing this high-risk area and we will continue those 
constructive efforts.
    This concludes my prepared statement. I am happy to answer 
any questions Members have.
    Chairman Johnson. Thank you, Director Gambler.
    Our final witness is Michele Mackin. Ms. Mackin is the 
Director on the Acquisition and Sourcing Management team at the 
U.S. Government Accountability Office. In her capacity, Ms. 
Mackin leads GAO's work on DHS acquisitions and navy ship 
building. Director Mackin.

   TESTIMONY OF MICHELE MACKIN,\1\ DIRECTOR, ACQUISITION AND 
   SOURCING MANAGEMENT, U.S. GOVERNMENT ACCOUNTABILITY OFFICE

    Ms. Mackin. Thank you, Mr. Chairman. Good afternoon, 
Ranking Member Carper and Members of the Committee. Thank you 
for having me here today to discuss DHS acquisition management 
and oversight. My statement is based on our work over more than 
a decade of reviewing DHS's major acquisition programs--those 
expected to cost $300 million or more.
---------------------------------------------------------------------------
    \1\ The joint prepared statement of Ms. Mackin and Ms. Gambler 
appears in the Appendix on page 56.
---------------------------------------------------------------------------
    The stakes are high at DHS when acquisitions are not 
properly managed. In addition to the potential for wasting 
taxpayer dollars, there is a risk that end users, such as 
border agents and the Transportation Security Administration 
(TSA) screeners, will not get the technologies or systems they 
need within required timeframes.
    As we have reported for many years, DHS acquisition policy 
reflects a ``best practices'' approach. Programs are not to 
proceed to the next milestone unless they have key acquisition 
documents in place. For example, if they do not have approved 
mission needs or requirements, they are not to begin buying 
capabilities. I note that the proposed acquisition reform bill 
reflects these sound practices.
    However, we found that DHS programs have not always 
followed these policies. As a result, programs have not 
delivered expected capabilities within cost and schedule 
targets. The Secure Border Initiative's (SBI's) SBInet and the 
Integrated Deepwater System Program (Deepwater) come to mind as 
some significant examples.
    A continuing theme in our work has been the struggle to get 
all of the DHS components on board with following the 
acquisition policies. In 2005, we reported that DHS's 
acquisition organization was fragmented among the components, 
and we said that if top leaders did not address this challenge, 
DHS would continue to deliver stop-gap, ad hoc solutions to its 
end users.
    When we reviewed the acquisition function a few years 
later, in 2008, the picture was bleak. About a third of the 
major programs had proceeded with funding even though they did 
not have validated requirements. Just as troubling, two-thirds 
of the programs lacked approved cost estimates. We concluded 
that taxpayers were investing billions of dollars in major 
acquisition programs without appropriate oversight.
    We also found, in 2008, that the Joint Requirements Council 
had not met since 2006. This body was reinstated in 2014, and I 
note that the headquarters reform bill that has been proposed 
does outline this body's roles and responsibilities. Having a 
Joint Requirements Council in place that validates requirements 
and attempts to eliminate redundancies across the Department is 
one of our high-risk acquisition outcomes.
    We did our next in-depth review in 2012, and, 
unfortunately, things were not much better. We continued to 
find that most programs lacked approved cost and schedule 
estimates as well as agreed-upon performance objectives even 
though these were required by policy.
    Based on the limited information available at that time, we 
found that cost estimates for 16 major programs had increased 
by 166 percent. This was largely because cost estimates were 
not properly developed in the first place.
    Recently, however, we have seen real progress at the 
Department. For example, management is more focused now on 
ensuring that its major programs are affordable. Further, we 
found, in 2015, that costs had increased by $9.7, billion as 
measured against initial baselines.
    The good news is, this was the first time we could do such 
an assessment--because program documentation had improved. We 
attribute this, in large part, to the sustained attention of 
senior leadership in holding components and programs 
accountable.
    That said, the Department is not there yet. There are still 
some acquisition basics that are not ingrained in the culture. 
In addition to the cost, schedule, and requirements issues I 
have discussed, we found that program data have not been 
accurately reported, internally or externally, to Congress. 
And, workforce capacity and skills, such as program managers 
and cost estimators, continue to be a challenge.
    Moving forward, DHS will need to sustain the progress we 
have seen recently and ensure that its sound acquisition 
policies are followed at all levels of the Department.
    Mr. Chairman and Ranking Member Carper, this concludes my 
prepared remarks. Thank you.
    Chairman Johnson. Thank you, Director Mackin.
    I would like to first start with the Inspector General and 
the representatives from GAO. First of all, Director Mackin, 
how long have you been working in this capacity and really 
doing audits on DHS?
    Ms. Mackin. I was involved with the first report we did on 
the acquisition functions in 2005.
    Chairman Johnson. OK. Director Gambler.
    Ms. Gambler. I have been covering this work, as a Director, 
for about 2 years, but, prior to becoming a Director, I worked 
on DHS management issues for several years.
    Chairman Johnson. OK. And, General Roth, I know time flies. 
You have been in this position not quite 2 years?
    Mr. Roth. 2 years and 2 weeks.
    Chairman Johnson. So, this is not a fair question, but, 
having gone through in my private sector business a lot of 
audits, both financial as well as quality audits--that type of 
thing, I mean, there is no doubt about it, good auditors are 
always going to find something. You can always find something 
to continuously improve on. I just want to get some sort of 
sense over that time of looking at DHS--let us say they started 
at zero--again, it was a significant challenge trying to 
combine 22 agencies--and the management challenge to finally 
getting to 100 would get them off of the ``High-Risk List.'' 
How far are they up on that scale? How much progress has been 
made? Again, I am not going to hold you to it, but I just kind 
of want to get some sort of sense. Director Gambler, you look 
like you are ready to hop in.
    Ms. Gambler. Absolutely. Based on our high-risk criteria, 
we would say that they are three-fifths of the way there. So, 
whatever that calculates into as a percentage----
    Chairman Johnson. That would be 60 percent. [Laughter.]
    Ms. Gambler. We would say they are about three-fifths of 
the way there.
    Chairman Johnson. Director Mackin, would you give them a 
bit more than 60 percent or----
    Ms. Mackin. Yes, I certainly agree with what Ms. Gambler 
said. On the acquisition front, I will note, having looked at 
this evolve over 10-plus years, it is only very recently that 
we have started to see real progress. Obviously, the 
acquisition area is a subset of our overall high-risk area. So, 
we are seeing more accountability now, and we hope that the 
Department can keep that up at all levels--as I mentioned.
    Chairman Johnson. General Roth, do you want to kind of 
chime in? That was very subjective.
    Mr. Roth. Correct, and, based on my limited experience thus 
far, there has been sustained leadership in this area, which I 
think is one of the key factors in moving forward on this. So, 
when I look at some of the older audits that we had done--and 
some of those were nightmare scenarios--the SBInet, for 
example, that had been mentioned earlier--we are out of those 
kinds of woods and in a different place.
    Chairman Johnson. OK. And these 2 gentlemen had a lot to do 
with that, so we certainly appreciate that.
    Have all 3 of you read the legislation? Do you have any 
problems with it? Again, based on what your recommendations 
are, we have tried to--I am sure we attempted to include those 
in that legislation. Are you satisfied with it? Are there 
things that you are concerned about still? I will start with 
you, Director Mackin.
    Ms. Mackin. I would say we have been through it, in detail, 
especially the acquisition bill, and it reflects quite a few of 
the findings and recommendations we have made over the years--
and, obviously, codifies what we are on record as saying is a 
very sound ``best practices'' acquisition approach.
    Chairman Johnson. Any glaring omissions?
    Ms. Mackin. The only thing I would mention there is in the 
Future Years Homeland Security Program (FYHSP) section, we have 
recommended the Department reflect funding gaps for individual 
programs over the FYHSP. That was one relatively minor issue 
that we might recommend you consider.
    Chairman Johnson. Director Gambler.
    Ms. Gambler. I would agree with my colleague. In the 
broader DHS management bill, a number of the functions and 
responsibilities that are identified within the management area 
are very consistent with GAO's findings and include the actions 
and outcomes that we, and the Department, have agreed need to 
be addressed in order, to ultimately, meet GAO's 5 criteria for 
getting off of the ``High-Risk List.'' So, we see a lot of 
consistency between the language that is in the proposed bill 
and our high-risk actions and outcomes.
    Chairman Johnson. Any omissions that you would want to 
mention?
    Ms. Gambler. Not that we would note.
    Chairman Johnson. OK. General Roth.
    Mr. Roth. I would concur with GAO's findings on this. I 
think this is exactly what the Department would need. It gives 
that imprimatur of legislation to what are current practices. 
But, again, what we always worry about is, with change of 
Administrations and changes in leadership, things can happen, 
things can fall off, and things can no longer be a priority. If 
it is in law, that is going to be less likely to happen.
    Chairman Johnson. Which is, of course, why we are trying to 
codify it. Secretary Deyo, I think you were the one that talked 
about how there was a Joint Requirements Council previously, 
but it was not sustained. Do you know why it was not? Can you 
point to what happened?
    Mr. Deyo. I do not. Do you know, Mr. Fulghum? I just know 
it did not----
    Mr. Fulghum. I think part of it was due to competing 
priorities. About the time it was formed, we were heavily 
focused on Hurricane Katrina and other things, and we just lost 
focus.
    Chairman Johnson. Oh, OK. Again, another reason for 
codifying this, so that does not happen.
    Secretary Deyo, I just have to talk to you a little bit 
about coming from the private sector. We had this discussion in 
our roundtable. Can you describe to me what is so difficult in 
government? We had this hearing yesterday about the IT system 
within USCIS, and there are systems in the private sector that 
do really what we need to do in so many of these agencies and 
departments--just getting common accounting. I imagine, in your 
previous life, Johnson & Johnson probably acquired different 
businesses. And, I was acquired, and, trust me, our accounting 
system switched over very quickly. What prevents it? Why does 
that not happen in government?
    Mr. Deyo. It is a great question. I am still learning. You 
do not have as much flexibility, so let us take the common 
financial systems, all right? Exactly what you described. At 
Johnson & Johnson, if there was an acquisition, no matter how 
large, the first thing that happened was to feed it into the 
common financial system, because how else can you plan and how 
else can you accurately report on a quarterly basis?
    Chairman Johnson. And, that would normally take how long?
    Mr. Deyo. First of all, you had the benefit of common 
definitions because everybody's--we do not have common 
definitions, necessarily, in these financial systems--but it 
would be done in 6 months, at most. It is just a matter of 
transitioning. And, since you had common definitions, even if 
you were doing it by hand, you could do it. Here, it is just 
more complicated and it just takes longer.
    In terms of what you are describing, in terms of the common 
financial system, we want to make sure we do it right. The GAO 
representatives talked about the risk of our internal controls 
and we are doing this in a staged way to ensure that we do it 
at the start of a financial year, so that we can manage it 
without the disruption. So, that is why this one is taking so 
long.
    Chairman Johnson. So, just give me an example, and then I 
will turn it over to Ranking Member Carper. What do you mean 
you do not have common definitions? I mean, numbers are 
numbers. You know what I am saying? What is different in terms 
of definitions?
    Mr. Deyo. I will turn to my exemplary CFO.
    Mr. Fulghum. So, one of the key foundational things we need 
to do in this Department is have a common data structure, what 
we call a ``common account structure.'' So, when these agencies 
were formed, they had unique accounting codes. And, so one of 
the things we have done is said, ``OK, you can keep some of 
your unique accounting codes, but there are certain things in 
this Department that we need to simplify in terms of 
structure.'' So, it is complicated.
    I would add to what the Under Secretary said, in terms of 
disparate systems--not modernized systems--the capacity to 
migrate to a new modernized solution, and the audit risk that 
is inherent when you migrate. And, the Department has only 
gotten 3 opinions in a row and, of course, takes that very 
seriously.
    So, we have taken a tiered approach to doing it. We are on 
a path to getting there. It is just going to take us some 
time--that, combined with limited resources. I mean, there is 
only so much money you can put toward this in any given year, 
given the competing priorities that we need to fund, in terms 
of operational capability.
    Chairman Johnson. OK. Well, thank you. Senator Carper.
    Senator Carper. Thank you, Mr. Chairman.
    Ms. Gambler, I feel like I would like to start this first 
question with you. Many times in my life, I have begun a 
sentence by saying, ``If I were a gambler.'' [Laughter.]
    Have you ever used that?
    Ms. Gambler. I do not, but I have had other comments and 
jokes about the last name.
    Senator Carper. Have you always been a Gambler?
    Ms. Gambler. I have always been a Gambler.
    Senator Carper. Oh, good. Good. I want to start by asking 
why is it important to codify--and the rest of you may recall 
this, but, when we were trying to get him confirmed--and get 
the Secretary, the Deputy Secretary, and others confirmed--
people, and my colleagues, would ask, ``Why is it so important 
to get him confirmed?'' And, we would say, ``Well, it makes it 
clear that these folks have earned the imprimatur of the U.S. 
Senate.'' We have vested our faith in them. And, let me just 
ask Mr. Deyo, is that true? Have you often seen that?
    Mr. Deyo. Yes. It does make a big difference--credibility 
and to have people listen, just as codification of these steps 
will make a huge difference to the component compliance, and 
all of our compliance, and our ability to make these a standard 
process. Once it becomes routinized, people will use it because 
they will see it works. But, we are not there yet.
    Senator Carper. Alan Simpson used to be a Senator here. I 
do not know if he was on this Committee or not, but he was 
remembered for being very funny. But, he also said some 
memorable things that were not funny but were, I think, right 
on--dead on. He used to say: ``Integrity, if you have it, 
nothing else matters. Integrity, if you do not have it, nothing 
else matters.'' Think about that.
    I think the same is true of leadership. And, I would like 
to ask the Inspector General, Ms. Gambler, and Ms. Mackin just 
to reflect on this Department and the leadership of this 
Department--and the words that I just shared on leadership and 
the importance of leadership. And, just give us your readout, 
please. Mr. Roth.
    Mr. Roth. Thank you. And, I have said this publicly in 
testimony as well as elsewhere. Secretary Johnson and his 
leadership team believe in oversight and believe in an 
independent Inspector General, which is not to say they always 
like what it is I say, but they believe in the office and 
believe that oversight makes a huge difference.
    Senator Carper. Ms. Gambler.
    Ms. Gambler. I would say, particularly, as it relates to 
the high-risk area, we have seen extremely strong leadership, 
commitment, and support in addressing the high-risk areas and 
to working constructively with GAO on that. We have also seen a 
lot of commitment on the part of the Department and its top 
leadership to address the actions and outcomes and to address 
GAO's recommendations. So, we have, I think, had a good, 
constructive working relationship and dialogue with them on 
these management issues.
    Senator Carper. All right. Thank you. Ms. Mackin.
    Ms. Mackin. I certainly agree with that, and I think the 
integrity aspect comes into play, specifically, in the 
acquisition issues. We have not seen them overstate their 
progress and try to convince us that things are much better 
than they really are.
    Senator Carper. Is that right? That is interesting.
    Ms. Mackin. It is a very legitimate dialogue.
    Senator Carper. Maybe we should try that. [Laughter.]
    In our roles.
    Chairman Johnson. Speak for yourself.
    Senator Carper. Mr. Chairman says to speak for myself.
    I think you said, Ms. Mackin, in your statement earlier, 
you said that you sensed progress, initially--maybe slower than 
you would have liked, but, in terms of ``Unity of Effort'' and 
making progress on these fronts with acquisition. But, I think 
you said--either you or Ms. Gambler said that, over time, the 
pace has sped up--has picked up. Who said that? Was that you or 
was that Ms. Gambler?
    Ms. Mackin. Our observation, on the acquisition issues, is 
that it picked up quite a bit, I would say, in the last 2 
years.
    Senator Carper. And why do you suppose that is?
    Ms. Mackin. Probably due to leadership. Probably due to 
just the acquisition organization beginning to mature. I mean, 
the current acquisition policy was implemented in 2008, so it 
is still relatively recent. Trying to get the reach down 
through the components to every program office has been a 
challenge.
    Senator Carper. OK. Someone also spoke about 3 root causes. 
Mr. Roth, just go back and revisit that. Tell us again what you 
said.
    Mr. Roth. Sure. The first thing is that components do not 
always follow departmental guidance.
    Senator Carper. These are the 3 root causes for what?
    Mr. Roth. For our lookback on some of the acquisition 
problems that we have seen in the course of our audits in the 
last 4 or 5 years. First, components do not always follow 
acquisition guidance. Second, they do not do appropriate 
oversight of their own acquisition process. And, third, they 
need better data and acquisition management tools to be able to 
do their job.
    Senator Carper. Sometimes, we pass legislation around here 
that addresses symptoms of problems, but not root causes. And, 
I would like to think that, in the legislation that we are 
considering--these 2 bills--we look at the root causes and the 
symptoms. But, when you think about root causes and the 3 that 
you just went through, is there anything in our legislation 
that is actually helpful in those regards?
    Mr. Roth. It absolutely all is helpful in those regards. 
Having oversight of the Department, I think, is extraordinarily 
important. To be able to enforce discipline down into the 
component level--that is really where we see all of the 
problems. When we look at acquisition after acquisition, we can 
really show that if they had followed the Department's guidance 
and had been appropriately supervising the acquisition process, 
this would not have been a problem.
    Senator Carper. All right. Ms. Gambler, you mentioned in 
your testimony, I think you said that, of the 2,400 
recommendations that you have personally given to this 
Department, some 70 percent of them have been acted on. And, my 
first thought is that sounds pretty good. Would those be 2,400 
recommendations over like a 12-year period?
    Ms. Gambler. Yes, that was about 2,400 recommendations 
since 2003--since the start-up of the Department. That is 
right. And, about 70 percent have been implemented--and I would 
just note that the Department has actions underway to address 
others there. They are just not yet at the place where we would 
consider them fully implemented.
    Senator Carper. I see. And, I am tempted to say, ``Well, 
that is great progress,'' but we do not know if maybe they have 
taken 70 percent of like the easiest, least meaningful 
recommendations and done something with those, and the really 
tough ones are still out there. How would you characterize the 
apportionment of this progress?
    Ms. Gambler. Sure. Thinking about it, maybe, Senator, in 
the context of the DHS management areas and some of the 
recommendations that we have made there, and the related 
actions and outcomes, I think it is fair to say that DHS has 
really taken action to put in place some of the building 
blocks--some of the foundational kind of recommendations and 
actions and outcomes that need to be put into place to help 
address the high-risk area. I think where we need to continue 
to see progress, in terms of what they are continuing to work 
on, are some of those things that help to show that sustainable 
measurable progress over time.
    Senator Carper. Good. And, the last question is: In the 
time before Jeh Johnson was confirmed as Secretary and became 
Secretary, and we had previous leadership in the Department--
the Deputy was, for a while--I think for 4 years--Jane Holl 
Lute. Did you ever work with her? Did she ever come and meet 
with you folks?
    Ms. Gambler. She did. I would say for the last 7 or 8 
years, we have enjoyed a very constructive dialogue with DHS 
over these high-risk issues, to include folks at all different 
levels within the Department, including the most senior levels.
    Senator Carper. And, under the leadership of Secretary Jeh 
Johnson, who would you say, in the Department, you have the 
closest--at the senior level--working relationship with? Would 
it be the Deputy? Would it be the Under Secretary?
    Ms. Gambler. GAO's leadership has had discussions with the 
Deputy Secretary and, I believe, with the Secretary, as well, 
on high-risk issues. I think we work most closely on kind of a 
regular basis with the Under Secretary for Management and his 
management chiefs.
    Senator Carper. All right. Good. Thank you so much.
    Chairman Johnson. Thank you, Senator Carper.
    Before I turn it over to Senator Lankford and then to 
Senator Booker, I am going to apologize. This is the first time 
I have had to do this--leave a hearing before it is concluded. 
Obviously, the reason we called this hearing is to allow 
Senators to come in and really gain the understanding that I 
think Senator Carper and I have gained, in terms of this 
process--working with the House Committee on Homeland Security, 
their staff, our Committee, our Committee staff, GAO, the OIG's 
office, and the good folks at the Department of Homeland 
Security. This is a pretty good work product, and certainly, 
from my standpoint, what I have been hearing in testimony here 
really confirms that point. We have good leadership. We have 
dedicated management. And, we have some very capable auditors 
watching this process.
    So, I certainly feel very confident that these are 2 pieces 
of legislation that are well worth supporting. We are going to 
do everything we can on the part of this Committee to try and 
get these passed through the Committee, passed through the 
Senate, combined with the House bills, and signed into law, so 
that we really can codify this. But, I think I can trust some 
capable members here for figuring out how this thing is going 
to all wrap up.
    But, again, I really want to thank you for all of your 
efforts. I want to thank the Senators for attending. Kick the 
tires, ask the questions--but, in the end, I am hoping we can 
really get a good result here. So, with that, thank you. 
Senator Lankford.

             OPENING STATEMENT OF SENATOR LANKFORD

    Senator Lankford. Thank you.
    Let me get a chance to get just a sense of this as well. My 
sense of it is--and I am trying to figure this out based on the 
timing of the request to try to codify this. If you had the 
same leadership in place that you have now, let us say for the 
next 5 years--which, obviously, there are transitions in 
leadership, Presidents, and all of that kind of stuff. If you 
had the same leadership there for the next 5 years, would you 
ask for this codification at that point? Or, would you just 
assume the leaders that are in place know this is working and 
they would leave it alone, basically? Is this a sense that, 
just in case somebody coming next does not agree, we need to 
get this in place and make sure we hold it?
    Mr. Deyo. Thank you, Senator. I will take the first shot at 
that. We would certainly be in a better position if we knew we 
had 5 years of continuity of leadership, because we are all so 
committed to this process at the senior level in the 
Department. But, even if we were not facing a transition, there 
is a large benefit to the codification of these processes 
because it reinforces and makes clear to everyone that it is a 
requirement that we follow.
    Second, it makes very clear the accountability of the 
individuals, including the Under Secretary for Management----
    Senator Lankford. So, help me to understand what you gain 
by that, because right now--we talked about before, and I heard 
that testimony before, that, at times, we are not getting good 
supervision--it is not being enforced on this. So, what does 
that bring to bear once it is codified? Is that a discipline 
issue? Is that a structural issue? What do you gain by 
codifying this that you do not have now?
    Mr. Deyo. What we gain is reinforcing the legitimacy of 
what we are doing. We do not need it--we would keep doing what 
we are doing without the codification.
    Senator Lankford. So, the discipline processes are the same 
regardless?
    Mr. Deyo. There are some aspects of the legislation we 
might differ on, modestly, but, no, in terms of capturing 
exactly what we are trying to do and the process we are trying 
to follow, it would be totally consistent. Am I answering your 
question?
    Senator Lankford. I think so.
    Mr. Fulghum. Sir, if I could just add, a key thing it does 
is codify the relationship between the component acquisition 
executive and the Chief Acquisition Officer (CAO) in the 
Department. And, I think that is a key, foundational piece of 
this legislation that we need.
    Senator Lankford. OK. I am still trying to dig to try to 
figure this out as well. Is it a concern that, regardless of 
who the next President is--and I will not get into parties. 
Regardless of who the next President is, they are going to come 
back and try to shift this. So, I am trying to get a feel for 
this. How many different systems have been in place over, let 
us say, the last 10 or 15 years? Is this a product of, ``We 
changed systems multiple times and, just when we get going, we 
have to change it. We do not have a good working system, now we 
feel like we have a good working system, let us pour concrete 
on it. Let us make sure we are actually running, because every 
time we turned around before, there was some new 
recommendation, and we had to change systems and cannot ever 
get measurable results? '' Because, obviously, being on the GAO 
``High-Risk List'' for quite a while is an issue, and I am 
trying to figure out--we are still on the GAO ``High-Risk 
List'' on some of these things. We have not shown yet they 
work, but you have a confidence they will work, and if they 
keep going--this seems to be what I am hearing--this is finally 
the structure that will work if we will just leave it alone. 
How far off am I on that?
    Mr. Deyo. We are confident that this system will work. I am 
confident because of my private industry experience. I am 
confident because of the clarity and the requirements that are 
made clear in it, the 4 steps you have to go through, that you 
have to have proper documentation, that there is oversight, and 
that if there is a problem, we step in and evaluate before you 
move forward.
    Senator Lankford. But, we do not know, we do not have a 
measurable result yet so that we know it is going to work. We 
think it is going to work--and it has had good results, 
initially. But, we are still in the same boat on some of these 
things. Am I right or wrong on that?
    Mr. Deyo. I would say, on some of the acquisitions, we have 
had some experience, now, that it is working.
    Mr. Fulghum. Sir, I would say it is more about sustainment, 
which is one of the key elements of getting off of the ``High-
Risk List.''
    Senator Lankford. Sure.
    Mr. Fulghum. I think we have demonstrated to GAO and the IG 
that this process, and the procedures we have in place, work. 
Now, we have to show that we can sustain it--and this 
legislation helps to codify that and to drive that sustainment.
    Senator Lankford. OK. Mr. Roth, were you about to say 
something on that?
    Mr. Roth. Simply that, while there is not a lot of evidence 
that this, in fact, works, it is the best practices across the 
entire acquisitions industry within the Federal Government. I 
would say that first.
    Second, we know what does not work because audit after 
audit has shown that, when they have failed to do the kinds of 
things, like the Life Cycle Acquisition Framework, for example, 
or the Joint Requirements Council or an Acquisitions Review 
Board--every time that does not happen, the acquisition gets 
into trouble. So, if we are doing autopsies on acquisitions--
where it went wrong--that is what we can see. So, we can see, 
certainly, that the absence of that is a cause of a problem, so 
we are hoping that having that sustained in concrete, as a 
matter of law, will assist in avoiding those kinds of problems.
    Senator Lankford. Sure, which goes back to my original 
question, and that is, somewhat, my confusion. You are finally 
getting to a process that everyone is nodding their head at and 
saying, ``This is a good process.'' Why would the next group 
step in and change it? Has there been a history of something 
changing just when we get something good going? Or--why does it 
suddenly need a statute, now, when it actually is a working and 
functioning process?
    Mr. Roth. I would say, if I could just jump in, it is about 
competing priorities. This was clearly a priority of the 
Secretary when he came in. He told me it was a priority. He has 
made it a priority.
    Senator Lankford. Right.
    Mr. Roth. We cannot guarantee that there will not be other 
competing priorities for the next Administration.
    Senator Lankford. OK.
    Mr. Deyo. I completely concur with that. It is exactly 
that. It is a demanding process and it takes discipline. As we 
do it more frequently and with a sustained approach, it will 
become much easier because people will be used to it. But, it 
is still a relatively new process--components are still 
adjusting and we are still adjusting. And, with competing 
priorities, the concern would be the focus on other things, and 
this slipping away, again.
    Senator Lankford. OK. So let me just throw in one thing. 
Just processing what we do in this Committee all of the time, 
we tried to codify Executive Order (EO) 12866 on how rules are 
promulgated. It has been the Executive Order for 20-plus years, 
so every President--Republican or Democrat--has renewed it and 
said this is a good system for how we do it. So, we have tried 
to codify that, and the Administration has fought vehemently 
against us, saying we do not need to codify it, we have an 
Executive Order, and there is no reason to put this into 
concrete. And, my response has been that this is what 
Republican and Democrat Presidents have done. But, they are 
saying we lose the flexibility suddenly, and not to put this in 
law.
    And, it is interesting to me to now deal with this to say, 
``We found a process that works and we need you to move this 
out of Executive Action and put this into law.''
    And so, while you all are not responsible for articulating 
the White House's policy on Executive Order 12866, for us, as 
we deal with this, it does seem odd to say that at times we are 
getting, ``We have to have this in law to be able to hold it,'' 
and at other times hearing, ``Do not put that in law. We want 
the flexibility.''
    So, I think the driving point for me is, would you have 
wanted this when you came into this task--to know that this was 
already set, so it is non-negotiable, so you could work on 
other things? Or, where would you have been on this if you were 
entering into the dialogue?
    Mr. Deyo. I would have been thrilled that this was in place 
when I came to the Department. I should note that it is a 
rigorous process, but it does provide some flexibility.
    Senator Lankford. As it should.
    Mr. Deyo. As it should. So, it gives management absolute 
accountability, but some discretion about how it handles each 
piece of the determination.
    Senator Lankford. OK.
    Mr. Fulghum. Sir, if I could say another thing. Oversight, 
at times, is uncomfortable for components. So, while there is 
flexibility in there, oversight is uncomfortable. And so, this 
codification helps with that authority, and it eliminates any 
question about it. Are we able to do it, today? Yes. Would this 
legislation help us? Yes, it would.
    Senator Lankford. OK. All right. Thank you.
    Thank you for the extra minute. Now you are firmly back in 
the chair with the gavel next to you. Are you feeling rather 
nostalgic?
    Senator Carper [Presiding.] A minute and 12 seconds.
    Senator Lankford. Yes, sir. Thank you. Thank you for the 
efforts.
    Senator Carper. I just want to say, in front of God and the 
whole world, I thought those were excellent questions, and I 
thought the answers from Russ and Chip, especially on the last 
question, were very insightful and helpful. It was for me. I 
hope it was for you.
    I have just the last question, and then I have to run. But, 
this would be for Mr. Deyo and for Mr. Fulghum. Can you tell us 
how the Secretary's ``Unity of Effort'' Initiative is building 
cohesion across the Department's many components and offices? 
Just very briefly.
    Mr. Deyo. I think it has taken hold, and it is building 
cohesion. You can see it in multiple approaches. You can see it 
at a Senior Leadership Council (SLC) meeting when the component 
heads are around the table and talking about an issue and how 
they approach it. You can clearly see it in the budget process, 
with a mission focus on budget, rather than a component-by-
component build--and that collaboration taking place.
    You can see it in the increased desire for human resources 
to provide training that cuts across components, so there is 
joint duty opportunities. I definitely see it in the 
administrative councils, be it the CIO councils or the CFO 
councils. Senators, we are so much better on cybersecurity 
because of our CIO council and that collaboration across all of 
the components with the authority that the chief CIO has to 
drive forward, improving our IT systems and improving our 
internal cybersecurity. That would not have been happening 
without the ``Unity of Effort'' and that awareness.
    Senator Carper. Please, go ahead.
    Senator Lankford. Sorry. Let me ask a follow-up question on 
that as well.
    Senator Carper. Just very briefly, because then I have to 
run. In fact, I have folks waiting to meet with me, and they 
are wanting me to come right now.
    Senator Lankford. You want to just keeping passing the 
gavel?
    Senator Carper. Here is what I will do, and just close it 
out whenever you are ready, OK?
    Senator Lankford. Yes, will do. I just have a quick 
question.
    Senator Carper. Just ask the last one here, and turn out 
the lights.
    Senator Lankford. Deal.
    Senator Carper. Thank you. Thank you, everyone. Great to 
see you.
    Senator Lankford [Presiding.] Let me ask this quick 
question that came up as a result of what Senator Carper was 
saying on this. If I recall correctly, there was a helicopter 
program a couple of years ago with the Coast Guard and--I 
cannot remember the other entity--but there was a collaboration 
issue on that, as well as on trying to get all of the folks to 
be able to talk together on it. Would what we are talking about 
solve that?
    Mr. Roth. You are referring to an audit that we did on the 
H-60 helicopter program.
    Senator Lankford. That is it.
    Mr. Roth. It was the Coast Guard and the U.S. Customs and 
Border Protection (CBP) Air and Marine. Coast Guard had a 
facility that could do the maintenance on the CBP helicopters. 
They were the same helicopters. The Air and Marine program had 
not yet been brought under some of the departmental acquisition 
reform. It was not part of the Acquisition Review Board, for 
example, or the Joint Requirements Council. So, the Coast Guard 
had one set of requirements and CBP had one set of 
requirements. There is that sort of tribal competition, I would 
say, between 2 components that share similar missions.
    Senator Lankford. Thankfully, we have not had that on the 
Joint Strike Fighter at all.
    Mr. Roth. No, I am sure that is not the case at all. 
[Laughter.]
    I am happy to say, as a result of that audit and as a 
result of the work that has happened in DHS, the whole Air and 
Marine program has now been placed under the Acquisition Review 
Board and an entire sort of life-cycle audit process. So, this 
was a win.
    Senator Lankford. What I am asking is--you are talking 
about codifying. Would it have solved that, actually? Because 
that was 3 or 4 years ago, if I remember correctly.
    Mr. Roth. Correct, and it would have solved this.
    Senator Lankford. So, it would have solved that.
    Mr. Roth. Correct.
    Senator Lankford. If this was in place at that time.
    Mr. Roth. Correct.
    Senator Lankford. OK. Since they have, unbelievably, turned 
this whole conversation over to a freshman Senator, let me just 
say thank you to all of you for the work that you are doing and 
the dedication that you put to this. This is not simple stuff--
and I get that a lot of people are not engaged in this--but it 
matters because it involves billions of Federal tax dollars, 
and it takes dollars away--when we waste it--from things that 
really need to be done in extremely important areas.
    So the hearing record will remain open for 15 days, until 
March 31 at 5 p.m. for the submission of statements and 
questions for the record. Thank you to all of you. This hearing 
is adjourned.
    [Whereupon, at 3:08 p.m., the Committee was adjourned.]

                            A P P E N D I X

                              ----------                              

[GRAPHICS NOT AVAILABLE IN TIFF FORMAT]
                                 
                                 [all]