[House Hearing, 115 Congress]
[From the U.S. Government Publishing Office]





      DHS FINANCIAL SYSTEMS: WILL MODERNIZATION EVER BE ACHIEVED?

=======================================================================

                                HEARING

                               before the

                            SUBCOMMITTEE ON
                             OVERSIGHT AND
                         MANAGEMENT EFFICIENCY

                                 of the

                     COMMITTEE ON HOMELAND SECURITY
                        HOUSE OF REPRESENTATIVES

                     ONE HUNDRED FIFTEENTH CONGRESS

                             FIRST SESSION

                               __________

                           SEPTEMBER 26, 2017

                               __________

                           Serial No. 115-29

                               __________

       Printed for the use of the Committee on Homeland Security
                                     


[GRAPHIC(S) NOT AVAILABLE IN TIFF FORMAT]

                                     

        Available via the World Wide Web: http://www.govinfo.gov
                               __________

                         U.S. GOVERNMENT PUBLISHING OFFICE 

28-418 PDF                     WASHINGTON : 2018 
-----------------------------------------------------------------------
  For sale by the Superintendent of Documents, U.S. Government Publishing 
  Office Internet: bookstore.gpo.gov Phone: toll free (866) 512-1800; 
         DC area (202) 512-1800 Fax: (202) 512-2104 Mail: Stop IDCC, 
                          Washington, DC 20402-0001
                          























                     COMMITTEE ON HOMELAND SECURITY

                   Michael T. McCaul, Texas, Chairman
Lamar Smith, Texas                   Bennie G. Thompson, Mississippi
Peter T. King, New York              Sheila Jackson Lee, Texas
Mike Rogers, Alabama                 James R. Langevin, Rhode Island
Jeff Duncan, South Carolina          Cedric L. Richmond, Louisiana
Lou Barletta, Pennsylvania           William R. Keating, Massachusetts
Scott Perry, Pennsylvania            Donald M. Payne, Jr., New Jersey
John Katko, New York                 Filemon Vela, Texas
Will Hurd, Texas                     Bonnie Watson Coleman, New Jersey
Martha McSally, Arizona              Kathleen M. Rice, New York
John Ratcliffe, Texas                J. Luis Correa, California
Daniel M. Donovan, Jr., New York     Val Butler Demings, Florida
Mike Gallagher, Wisconsin            Nanette Diaz Barragan, California
Clay Higgins, Louisiana
John H. Rutherford, Florida
Thomas A. Garrett, Jr., Virginia
Brian K. Fitzpatrick, Pennsylvania
Ron Estes, Kansas
                   Brendan P. Shields, Staff Director
                 Steven S. Giaier, Deputy Chief Counsel
                    Michael S. Twinchek, Chief Clerk
                  Hope Goins, Minority Staff Director
                                 ------                                

          SUBCOMMITTEE ON OVERSIGHT AND MANAGEMENT EFFICIENCY

                  Scott Perry, Pennsylvania, Chairman
Jeff Duncan, South Carolina          J. Luis Correa, California
John Ratcliffe, Texas                Kathleen M. Rice, New York
Clay Higgins, Louisiana              Nanette Diaz Barragan, California
Ron Estes, Kansas                    Bennie G. Thompson, Mississippi 
Michael T. McCaul, Texas (ex             (ex officio)
    officio)
               Ryan Consaul, Subcommittee Staff Director
      Erica D. Woods, Interim Subcommittee Minority Staff Director
      
      
      
      
      
      
      
      
      
      
      
      
      
      
      
      
      
      
      
      
      
      
      
                            C O N T E N T S

                              ----------                              
                                                                   Page

                               Statements

The Honorable Scott Perry, a Representative in Congress From the 
  State of Pennsylvania, and Chairman, Subcommittee on Oversight 
  and Management Efficiency:
  Oral Statement.................................................     1
  Prepared Statement.............................................     2
The Honorable J. Luis Correa, a Representative in Congress From 
  the State of California, and Ranking Member, Subcommittee on 
  Oversight and Management Efficiency:
  Oral Statement.................................................     3
  Prepared Statement.............................................     4
The Honorable Bennie G. Thompson, a Representative in Congress 
  From the State of Mississippi, and Ranking Member, Committee on 
  Homeland Security:
  Prepared Statement.............................................     5

                               Witnesses

Mr. Chip Fulghum, Deputy Under Secretary for Management, U.S. 
  Department of Homeland Security:
  Oral Statement.................................................     6
  Prepared Statement.............................................     7
Ms. Michele F. Singer, Director, Interior Business Center, U.S. 
  Department of the Interior:
  Oral Statement.................................................    10
  Prepared Statement.............................................    11
Ms. Elizabeth Angerman, Executive Director, United Shared 
  Services Management, Office of Government-Wide Policy, U.S. 
  General Services Administration:
  Oral Statement.................................................    13
  Prepared Statement.............................................    14
Mr. Asif A. Khan, Director, Financial Management and Assurance, 
  U.S. Government Accountability Office:
  Oral Statement.................................................    16
  Prepared Statement.............................................    18

                                Appendix

Questions From Chairman Scott Perry for Chip Fulghum.............    41
Questions From Chairman Scott Perry for Elizabeth Angerman.......    42

 
      DHS FINANCIAL SYSTEMS: WILL MODERNIZATION EVER BE ACHIEVED?

                              ----------                              


                      Tuesday, September 26, 2017

             U.S. House of Representatives,
                    Committee on Homeland Security,
                             Subcommittee on Oversight and 
                                     Management Efficiency,
                                                    Washington, DC.
    The subcommittee met, pursuant to notice, at 2 o'clock 
p.m., in Room HVC-210, Capitol Visitor Center, Hon. Scott Perry 
[Chairman of the subcommittee] presiding.
    Present: Representatives Perry, Duncan, Ratcliffe, Higgins, 
Estes, Correa, Rice, and Barragan.
    Mr. Perry. The Committee on Homeland Security Subcommittee 
on Oversight and Management Efficiency will come to order.
    The purpose of this hearing is to examine the failures and 
path forward with modernizing the Department of Homeland 
Security's financial systems.
    The Chair now recognizes himself for an opening statement.
    As the third-largest Federal Cabinet agency, the Department 
of Homeland Security, or DHS, has a duty to be an effective 
steward of taxpayer dollars. Sound management of its finances 
is vital to implementing the homeland security mission.
    With a multitude of priorities, including responding to 
major emergencies like Hurricanes Harvey and Irma, securing our 
porous borders, protecting cyber space and enforcing our 
immigration laws, DHS's senior leadership needs timely 
financial information to inform its decisions.
    In addition, DHS needs systems that can be fully protected 
against the latest cyber threats to ensure personal and other 
sensitive data isn't compromised. Unfortunately, the 
Department's third and latest attempt to modernize its flagging 
financial systems has failed and DHS is struggling to determine 
a solid path forward.
    DHS has been attempting to modernize its financial systems 
for well over a decade. The two previous attempts wasted, or 
cost, over $50 million to build a Department-wide integrated 
financial system.
    Following these failures--and I say that because we are 
still trying, we still don't have anything after the $50 
million--but following these failures, DHS chose to modernize 
component financial systems with the most critical need first.
    In 2013, the Obama administration urged agencies to use 
Federal shared service providers to improve financial systems. 
Shortly thereafter, DHS decided to enter a discovery phase with 
the Interior Business Center, or the IBC, within the Department 
of Interior.
    By August 2014, DHS had entered into an agreement with the 
IBC to modernize systems for the Domestic Nuclear Detection 
Office, Transportation Security Administration, and the U.S. 
Coast Guard at a cost of $79 million.
    Congressional watchdogs at GAO, or the Government 
Accountability Office, warned in 2013 that DHS had an increased 
risk of, among other things, investing in and implementing 
systems that do not provide the desired capabilities and 
ineffectively use resources during its financial system 
modernization efforts.
    GAO's prediction came true. Costs for the project have 
ballooned to over $124 million as of August, about 60 percent 
more than the original estimate.
    However, the truth is that DHS has no idea how much it will 
cost in the end. TSA's modernized system will go live over 2 
years later than planned and the Coast Guard system will not be 
modernized at all under the current agreement with the IBC. 
This outcome is simply astounding, reprehensible, and 
unacceptable from a pure cost standpoint, if not from an 
efficacy standpoint.
    It is proof that the Obama administration's Federal shared 
service provider concept was doomed to fail for such a large 
agency. GAO attributes the failure to numerous causes: Lack of 
proper planning, aggressive schedule, complex and changing 
requirements, increased cost, and management and communication 
failures. DHS is now rushing to implement a new strategy which 
will likely put taxpayer dollars at risk to waste.
    We are at a critical moment. DHS must fully engage with the 
private sector to help salvage this disaster. Leveraging 
industry's talents is what should have been done in the first 
place and is the only possible way DHS might right this ship.
    As a former small-business owner, it baffles me how the 
Federal Government can spend over 10 years and hundreds of 
millions of dollars and have so little to show for it. 
Businesses large and small have to modernize systems and 
processes every single day. It may be hard, but it doesn't take 
them decades and hundreds of millions of dollars to do it.
    Mr. Fulghum, you were on the ground floor of this effort. 
You were involved in the negotiations with the IBC and its 
implementation as the chief financial officer. I demand on 
behalf of the taxpayers a full explanation as to how we got 
here and what is being done to fix this mess.
    Quite frankly, the magnitude of this failure demands 
accountability by those in charge and it calls into question 
the management directorate's ability to lead critical 
management issues facing DHS in the future based on what has 
been done in the past.
    [The statement of Chairman Perry follows:]
                   Statement of Chairman Scott Perry
                           September 26, 2017
    As the third-largest Federal cabinet agency, the Department of 
Homeland Security (DHS) has a duty to be an effective steward of 
taxpayer dollars. Sound management of its finances is vital to 
implementing the homeland security mission. With a multitude of 
priorities including responding to major emergencies like Hurricanes 
Harvey and Irma, securing our porous borders, protecting cyber space, 
and enforcing our immigration laws, DHS's senior leadership needs 
timely financial information to inform its decisions. In addition, DHS 
needs systems that can be fully protected against the latest cyber 
threats to ensure personal and other sensitive data isn't compromised. 
Unfortunately, the Department's third, and latest, attempt to modernize 
its flagging financial systems has failed, and DHS is struggling to 
determine a solid path forward.
    DHS has been attempting to modernize its financial systems for well 
over a decade. The two previous attempts wasted over $50 million to 
build a Department-wide integrated financial system. Following these 
failures, DHS chose to modernize component financial systems with the 
most critical need first. In 2013, the Obama administration urged 
agencies to use Federal shared service providers to improve financial 
systems. Shortly thereafter, DHS decided to enter a ``discovery phase'' 
with the Interior Business Center (IBC) within the Department of 
Interior. By August 2014, DHS had entered into an agreement with IBC to 
modernize systems for the Domestic Nuclear Detection Office, 
Transportation Security Administration, and the U.S. Coast Guard at a 
cost of $79 million. Congressional watchdogs at GAO warned in 2013 that 
DHS had ``an increased risk of, among other things, investing in and 
implementing systems that do not provide the desired capabilities and 
inefficiently use resources during its financial system modernization 
efforts.''
    GAO's prediction came true. Costs for the project have ballooned to 
over $124 million as of August--about 60 percent more than the original 
estimate. However, the truth is that DHS has no idea how much it will 
cost in the end. TSA's modernized system will go live over 2 years 
later than planned and Coast Guard's system will not be modernized at 
all under the current agreement with IBC. This outcome is simply 
astounding, reprehensible, and unacceptable. It is proof that the Obama 
administration's Federal shared service provider concept was doomed to 
fail for such a large agency. GAO attributes the failure to numerous 
causes: Lack of proper planning, aggressive schedule, complex and 
changing requirements, increased costs, and management and 
communication failures. DHS is now rushing to implement a new strategy, 
which will likely put taxpayer dollars at more risk to waste. We are at 
a critical moment; DHS must fully engage with the private sector to 
help salvage this disaster. Leveraging industry's talents is what 
should have been done in the first place and is the only possible way 
DHS might right this ship.
    As a former small business owner, it baffles me how the Federal 
Government can spend over 10 years and hundreds of millions of dollars 
and have so little to show for it. Businesses, large and small, have to 
modernize systems and processes every day; it may be hard but it 
doesn't take them decades and hundreds of millions of dollars to do it. 
Mr. Fulghum, you were on the ground floor of this effort. You were 
involved in the negotiations with IBC and its implementation as the 
chief financial officer. I want a full explanation as to how we got 
here and what's being done to fix this mess. Quite frankly, the 
magnitude of this failure demands accountability by those in charge and 
it calls into question the Management Directorate's ability to lead 
critical management issues facing DHS in the future.

    Mr. Perry. The Chair now recognizes the Ranking Minority 
Member of the subcommittee, the gentleman from California, Mr. 
Correa, for his statement.
    Mr. Correa. Thank you, Chairman Perry.
    I want to thank our witnesses here today, a very important 
hearing, very important issues.
    An area critical to our Nation's security as well as 
safeguarding taxpayer dollars, there is a need for Department 
of Homeland Security to have a modern and effective information 
technology system.
    In 2013 under the Obama administration, the Office of 
Management and Budget instructed each Federal agency to 
implement a Federal shared service provider for financial 
systems management. The goal was simple: To support decision 
making and improve the Department's ability to provide timely 
and accurate financial reporting. Essentially, how much money 
we are spending, when are we spending it, and how we are 
spending it.
    Following OMB's guidelines, DHS immediately entered into an 
agreement with the Department of Interior's shared service 
provider, Interior Business Center, becoming the first Cabinet-
level agency to move to a Federal provider for financial 
management.
    During a year-long discovery phase, many called into 
question IBC's ability to transfer large agencies the size of 
TSA and Coast Guard, yet the Department and IBC moved ahead 
with an agreement anyway. Unfortunately, the plan to transfer 
the Domestic Nuclear Detection Office, DNDO, TSA, and Coast 
Guard to an IBC solution failed.
    It is even more troubling that DHS spent millions of 
dollars, as our Chair has said, on this modernization effort 
with nothing really to show for it. Financial systems, 
financial management is key to the success of DHS and its 
mission.
    According to DHS financial statement auditors, despite 
receiving clean audits, DHS faces long-term challenges in 
sustaining a clean audit opinion and providing reliable, 
timely, and useful financial data to support operational 
decision making. These deficiencies have contributed to the 
GAO's decision to designate DHS management functions, including 
financial management, as high-risk.
    I hope today's witnesses can highlight the errors that 
occurred with the financial systems modernization effort and 
how DHS can move ahead toward achieving shared service 
solutions for financial systems.
    Let me say that having come from the State of California, 
what we believe is probably the fourth-largest economy in the 
world, IT was always a challenge in the State of California. It 
was always expensive, never done right, never on time, constant 
monitoring was needed. Big contracts, small contracts, private 
contracts, in-house contracts, always a challenge.
    At the end of the day, I think part of the solution is 
going to be constant monitoring, constant reports to this 
committee and others to make sure that whatever is being done 
in terms of implementing IT is being done right.
    With that, I yield the balance of my time, Mr. Chairman.
    [The statement of Ranking Member Correa follows:]
               Statement of Ranking Member J. Luis Correa
                           September 26, 2017
    This subcommittee has held hearings on a range of matters, some of 
which do not have bipartisan agreement. One area we do have common 
ground on, however, is the need for the Department of Homeland Security 
to have modern, effective information technology systems.
    In 2013, under the Obama administration, the Office of Management 
and Budget instructed each Federal agency to move towards a Federal 
shared service provider for financial systems management. This 
initiative was designed to strengthen access to, and quality of, 
financial information to support decision making and improve the 
Department's ability to provide timely and accurate financial 
reporting.
    Simply put, DHS should, at any given moment, know how money is 
being spent across the Department.
    In furtherance of OMB's guidelines, DHS quickly entered into an 
agreement with the Department of Interior's shared service provider, 
Interior Business Center (IBC), becoming the first Cabinet-level agency 
to move to a Federal provider for financial management. During a year-
long discovery phase, many called into question IBC's ability to 
migrate large agencies the size of TSA and Coast Guard, yet the 
Department and IBC moved forward with an agreement.
    Unfortunately, the plan to migrate DNDO, TSA, and Coast Guard to an 
IBC solution failed due to a number of problems, including insufficient 
product delivery, incompatible expectations, and unexpected delays. I 
am troubled to hear that despite such a lengthy discovery period, 
neither IBC nor DHS predicted this unfortunate result.
    It is even more troubling that DHS spent millions of dollars on 
this modernization effort with nothing to show for it. Financial 
systems management is critically important to the success of DHS in 
fulfilling its mission.
    According to DHS financial statement auditors, despite receiving 
clean audits, DHS faces long-term challenges in sustaining a clean 
audit opinion and providing reliable, timely, and useful financial data 
to support operational decision making. These deficiencies contributed 
to GAO's decision to designate DHS's management functions, including 
financial management, as high-risk.
    I hope today's witnesses can shine light onto the errors that 
occurred with the financial systems modernization effort and the manner 
in which DHS can move towards achieving a shared service solution for 
its financial systems.
    Too often, DHS has failed to establish effective management and 
oversight of its IT improvement efforts. It is time for DHS to fix the 
out-of-date, inefficient IT systems currently in use and address these 
issues once and for all.

    Mr. Perry. The Chair thanks the gentleman from California.
    Other Members of the subcommittee are reminded that opening 
statements may be submitted for the record.
    [The statement of Ranking Member Thompson follows:]
             Statement of Ranking Member Bennie G. Thompson
                           September 26, 2017
    The recent hurricanes illustrate that when a crippling natural 
disaster or other major incident hits our country, the Department of 
Homeland Security needs a precise understanding of both its human and 
financial resources in order to make timely decisions that will 
ultimately affect the American people.
    Its goes without saying that knowing how funds are distributed and 
spent throughout the Department at any given moment is critical to 
ensuring taxpayer dollars are spent effectively and efficiently. 
Throughout my tenure on this committee we have initiated multiple GAO 
audits and held oversight hearings on financial systems modernization, 
and it is clear that it is more than an uphill battle for DHS.
    For over a decade, DHS has attempted to modernize its financial 
systems, and has been unsuccessful to date. Since DHS's inception there 
have been three failed attempts to modernize the agency's financial 
systems--leaving billions of taxpayer dollars wasted. Before DHS 
embarks on another attempt to modernize its financial systems it should 
at least have an adequate and thorough roadmap of how this 
modernization is to be achieved.
    Unfortunately, President Trump has made it clear that financial 
systems modernization is not a priority at DHS, leaving the fate of 
financial management systems modernization uncertain. Under the 
President's budget, DHS would lose $41 million toward its Financial 
Systems Modernization program.
    The President's misguided priorities for DHS include diverting 
critical resources away from information technology improvements 
towards fulfilling campaign fantasies, such as a multi-billion dollar 
wall along the Southern Border.
    I look forward to hearing from the witnesses today about the 
lessons learned from previous modernization efforts and how DHS can 
move forward in a positive direction for the good of the Department and 
out of respect for the American taxpayers' hard-earned dollars.

    Mr. Perry. We are pleased to have a distinguished panel of 
witnesses before us today. The witnesses' entire written 
statements will appear in the record.
    The Chair will introduce the witnesses first and then 
recognize each of you for your testimony.
    The honorable Chip Fulghum is the deputy under secretary 
for management at DHS. Mr. Fulghum joined DHS in October 2012 
as its budget director and has served in numerous senior 
positions including acting deputy secretary, acting under 
secretary for management, and chief financial officer. Prior to 
joining the Department, Mr. Fulghum served for 28 years in the 
United States Air Force retiring with a rank of colonel.
    We thank him for his service.
    Ms. Michele Singer has been the director of the Interior 
Business Center in the Department of Interior since June 2015. 
In this capacity, she leads delivery of shared services to 
support interior offices and bureaus as well as over 150 other 
Federal agencies. Ms. Singer previously worked on issues 
related to Indian Affairs and joined the Department of Interior 
in 2000.
    Welcome.
    Ms. Elizabeth Angerman--is that correct, did I--thank you, 
ma'am--has been executive director of Unified Shared Services 
Management at the General Services Administration, or the GSA, 
since October 2015. In this position, she provided agencies 
input and advice on best practices related to designing and 
executing shared administrative functions. Prior to GSA, Ms. 
Angerman was executive director of the Office of Financial 
Innovation and Transformation, or FIT, in the Treasury 
Department.
    Welcome.
    Finally, Mr. Asif Khan is a director for financial 
management and assurance issues at the U.S. Government and 
Accountability Office. Mr. Khan leads GAO's evaluations related 
to financial management issues at the Department of Homeland 
Security and Department of Defense. Mr. Khan joined the GAO in 
January 2009 after almost 20 years in public accounting with 
major firms auditing and advising U.S. Government agencies.
    We welcome him.
    The Chair now recognizes Mr. Fulghum for his opening 
statement.
    Sir.

     STATEMENT OF CHIP FULGHUM, DEPUTY UNDER SECRETARY FOR 
        MANAGEMENT, U.S. DEPARTMENT OF HOMELAND SECURITY

    Mr. Fulghum. Chairman Perry, Ranking Member Correa, thank 
you for the opportunity to appear today to discuss our efforts 
regarding financial systems modernization.
    Today I will focus my comments on the need for 
modernization, the experience with the shared service model, 
what we have delivered to date, our lessons learned, and our 
path forward.
    Since the Department's inception, we have had a clear need 
for modernized financial solutions, given that some of today's 
systems lack functionality, aren't integrated, contribute to 
data inconsistency, rely on old, outdated technology, and 
create additional security risks, all of which leads to manual 
processes, workarounds, and creates internal control business 
process risks.
    Despite that fact, I am very proud of the fact that since 
2013 the Department of Homeland Security has earned four 
straight clean audits, which clearly demonstrates our ability 
to be good stewards of the taxpayers' money. We still, however, 
need modernized solutions.
    Beginning in 2013, we followed OMB direction via memorandum 
MD13-08 to pursue a Federal shared service model. We were the 
first large Cabinet-level agency to do so. Despite a limited 
availability of shared service providers, we partnered with IBC 
based on the fact that they were certified by Treasury, FIT, 
and the fact that their leadership provided assurance that they 
would have the capability and the resources necessary to 
service a large Federal Cabinet agency.
    Over the next 3\1/2\ years, we have experienced numerous 
challenges to include schedule delays and cost increases, which 
are unacceptable, primarily driven by a lack of understanding 
of our business requirements and the inability of IBC to 
adequately staff up.
    This caused me to pause the program twice, the first time 
in 2015 and again in 2016 when I made the decision along with 
IBC to end the relationship with IBC. In spite of these 
challenges, we have an integrated financial solution that works 
and is the foundation of the effort moving forward for what is 
known as the TRIO.
    Each day, that system, that has been in place for over 2 
years, makes payments, records accurate obligations, provides 
timely financial reporting, provides monthly financial 
statements, writes contracts, records those obligations in an 
integrated fashion into our financial system, provides real-
time funds check and has improved our internal control 
capability.
    This system meets 75 percent of the requirements. When TSA 
functionality is available in October, we will be over 80 
percent, which was the plan from the start.
    Given past challenges and the lessons learned, we have 
determined that IBC's business model does not meet the needs of 
a large Federal agency. Moving forward, we will leverage the 
investment made in the system and solution that works and build 
on the lessons learned to finish out the United States Coast 
Guard.
    To do this, we will have more frequent check-ins and more 
thorough testing of the system, more incremental releases, and 
we will have built-in transparency of cost and schedule with a 
contractor and a contracting mechanism that is simplified and 
performance-based.
    We have restructured our program office to have clear 
accountability. We will continue to have oversight from both 
the Department, USSM, and OMB. We will be able to fully 
leverage the Department's resources to include management of 
various lines of businesses, which, as GAO has noted in its 
most recent high-risk report, continues to mature its processes 
and reduce the number of high-risk items.
    In closing, I believe we have a solid path forward, but 
there is still risk. There is funding risk, there is continued 
risk of litigation, there is technical risk, and there is 
staffing risk. We will manage those risks by using the 
recommendations from GAO in their recent audit to manage more 
effectively those risks.
    We owe you further results and the buck stops with me. I 
remain committed and accountable to deliver results and build 
on the system that is working today.
    [The prepared statement of Mr. Fulghum follows:]
                   Prepared Statement of Chip Fulghum
                           September 26, 2017
    Chairman Perry, Ranking Member Correa, and distinguished Members of 
the subcommittee, thank you for the opportunity to appear today to 
discuss financial systems modernization (FSM) at the Department of 
Homeland Security (DHS). My comments will focus on our progress to 
date, challenges we have experienced, and why we are on the right path 
for this initiative.
    We acknowledge that improving DHS financial management systems has 
been a long-term effort, but during our recent modernization efforts, 
we have achieved successes, and continue to achieve planned milestones. 
Twenty-three months ago, we successfully moved the Domestic Nuclear 
Detection Office (DNDO) to a new shared services baseline solution that 
provides increased functionality, reduces audit risk, and provides 
real-time integration. We are preparing to move the Transportation 
Security Administration (TSA) functionality into production. The 
current solution meets 75 percent of DNDO, TSA, and the U.S. Coast 
Guard's (USCG) requirement needs. Once TSA is in production, 85 percent 
of DHS functional requirements for DNDO, TSA, and the USCG financial, 
acquisition, and asset management will be met.
    Additionally, U.S. Customs and Border Protection (CBP) is on a 
modernized platform, the Federal Law Enforcement Training Centers 
(FLETC) have performed a successful upgrade to its current financial 
system, and the U.S. Secret Service is finalizing its implementation of 
a solution upgrade to occur in October 2017. We will continue to build 
on these successes as we move forward.
    DHS has had a critical need to modernize its financial management 
systems from its inception. When DHS was first established, there were 
13 separate core financial systems across its components, operating 
under legacy policies and disparate business processes. These systems 
were comprised of outdated technology, were mostly non-integrated--with 
many still relying on manual processes which led to inconsistent data 
and reporting--and did not fully support DHS goals of strong, 
integrated internal controls and enhanced efficiency and security.
    Previous attempts to integrate DHS components' financial, asset, 
and acquisition management systems include the 2004 eMerge\2\ Program, 
which was halted due to its inability to build the necessary and 
critical integration among various commercial software products, and 
the Transformation and Systems Consolidation (TASC) program.
    The Department's efforts to modernize its financial management 
systems have been subject to repeated legal challenges before the 
Government Accountability Office (GAO), the U.S. Court of Federal 
Claims, and the Court of Appeals for the Federal Circuit. Most 
recently, the Inter-Agency Agreement process with the Department of the 
Interior (DOI) was challenged. The Department prevailed in that 
litigation (and the appeal) in October 2016.
    Despite having a complex mission and systems that are not 
interoperable, DHS has been able to achieve and sustain an unmodified--
clean--audit opinion on our financial statements for the past 4 years.
    Working together, the financial management community launched a 
multi-year effort to drive the Department toward a clean audit opinion 
and a full accounting for how it spends taxpayer dollars. Through 
dedication of senior leadership, development and implementation of 
standard policies and processes for financial reporting such as the DHS 
Accounting Classification Structure (ACS) and Common Appropriation 
Structure (CAS), hiring of talented professionals, commitment of our 
workforce, improvement of our business intelligence tools, and 
consistent and continuous training, DHS has achieved audit success and 
reduced the number of material weaknesses in our internal controls over 
financial reporting from 18 to 3.
    After the TASC program was halted, DHS again moved to meet its 
financial management system needs by following direction provided by 
the Under Secretary for Management (USM) in a September 2011 
memorandum, Moving Forward with Financial Systems Projects. The 
approach was to modernize components with the greatest business need 
for modernized financial management systems and leverage business 
intelligence to aggregate data in lieu of acquiring a Department-wide 
solution.
    In establishing the FSM program, we followed the OMB memorandum M-
13-08, Improving Financial Management Systems Through Shared Services, 
which prescribed a shared service approach for new core accounting 
systems proposals or mixed systems upgrades. Following the direction of 
the previous USM and the OMB directive's guidance, DHS identified the 
USCG, with TSA and DNDO as their customers, as the components with the 
most critical need to update their current system.
    OMB provided a limited number of Federal Shared Service Providers 
(FSSP) certified to service large Cabinet-level agencies such as DHS. 
The DOI's Interior Business Center (IBC) is one of four OMB-designated 
FSSPs certified through Treasury's Office of Financial Innovation and 
Transformation (FIT). In 2013, DHS established an Inter-Agency 
Agreement for a Discovery phase to evaluate the IBC solution and its 
fit for DNDO, TSA, and the USCG.
    Through the Discovery process, IBC validated they could transition 
the three components to their solution, and DHS confirmed that the IBC 
solution would meet the components' functional and operational support 
needs. DHS and IBC worked closely with OMB and Treasury to obtain 
approval to proceed with implementation. As a pilot, DNDO, a small DHS 
component, migrated to the accounting solution in November 2015 and 
then migrated to the procurement part of the solution in March 2016.
    Overall, this integrated solution provides improved functionality 
and integration, has a lower risk of information security issues, will 
provide a consolidated view of project costs across components, and 
increases transparency and reliability of information. The solution 
also supports the implementation of the DHS ACS.
    Throughout our 4-year partnership, there have been several 
challenges including an incomplete understanding of the requirements 
and complexities related to providing a standard solution for a 
Cabinet-level agency the size of DHS. The recent GAO audit also 
highlighted five categories that name many of the areas where we faced 
these challenges: Complex requirements, project resources, project 
schedule, project cost, and project management and communications.
    Late in 2016, IBC informed DHS they would not be able to continue 
the USCG implementation and could not support further engagement 
activities with other DHS components as planned. DHS and IBC agreed 
that preserving the investment DHS has made is now paramount and will 
move us forward while delivering the best value for the Government. 
However, the current structure of the project between IBC and DHS is 
not sustainable. DHS and IBC determined the best path is to move the 
software solution to a new hosting location, or data center, and for 
DHS to assume operation of the system while we continue the TSA and 
USCG migrations.
    Both IBC and DHS have worked closely together to build out the 
remaining requirements for TSA. TSA will transition to the system once 
data migration, user training, and organizational change management 
activities are complete, the system stability has been proven, and any 
risks to auditability are mitigated. Moving forward, our FSM approach 
will shift from leveraging FSSPs to reemphasizing the DHS business 
process standardization and further reducing our system footprint where 
possible.
    We have found our personnel have the deepest understanding of DHS 
mission needs and how they are best supported through systems and 
processes. Our management team remains fully engaged and integrated; 
the Office of the Chief Information Officer and the Office of the Chief 
Procurement Officer are particularly involved in the day-to-day work of 
implementing our integrated financial management solution. We have 
reached out to components and brought in additional subject-matter 
expertise across relevant business process areas, strengthened our 
testing and evaluation program, involved systems engineers from the DHS 
Science & Technology Directorate, and are working closely with the 
Office of Program Accountability and Risk Management to meet best 
practices and minimize risks.
    The decision to leverage the solution currently in use by DNDO 
provides the best available option to meet DHS financial management 
needs for TSA and USCG within a reasonable time frame. DHS will 
preserve its robust governance structure, with Acquisition Review Board 
oversight, and a fully engaged FSM Executive Steering Committee. 
Additionally, the DHS management chiefs and components will continue 
working closely together to ensure success as the FSM initiative moves 
forward.
    To apply the lessons learned from the IBC engagement and better 
support the initiative going forward, DHS has changed its 
implementation approach from individual component projects to a single 
initiative and added a Joint Program Management Office (JPMO). The JPMO 
provides centralized program governance and streamlined decision 
making; This stands in contrast to our effort with IBC, where 
governance and decision making was split across two entities.
    The JPMO is responsible for successful execution, schedule 
maintenance, risk management, and all other program management 
activities. The JPMO is staffed with DHS Headquarters and component 
subject-matter experts working together to better identify and mitigate 
risk, implement risk mitigation plans, increase component integration, 
and support business process standardization across the Department.
    DHS will leverage internal program management processes and 
expertise to lead the program and introduce implementation support 
tools to perform requirements management, evaluate system performance, 
and coordinate and document testing. We will require earned value 
management from our vendors and establish quality controls for services 
and deliverables. We will increase transparency into costing and 
status, using a time and materials methodology initially and 
transitioning to a firm fixed price once we have a very clear picture 
of our detailed requirements for the hosting and system integrators.
    The GAO-17-799 Report examines the extent to which DHS followed 
best practices in analyzing alternatives and selecting its FSM 
approach; whether DHS used best practices when managing the risks of 
using IBC; and the key factors and challenges that have impacted the 
FSM program and DHS's plans for completing key priorities. DHS concurs 
with both GAO recommendations to improve guidance related to conducting 
Analysis of Alternatives and to improve our risk management approach. 
Actions are already in progress to address these recommendations, and 
they will be incorporated into the current FSM efforts.
    In summary, DHS has made a significant investment in the IBC 
financial management solution, which has delivered a standardized 
baseline solution with increased functionality and integration for DNDO 
and will deliver improved financial operations for TSA and USCG when 
they migrate. We will continue to move forward, exercising sound 
business judgment, obtaining the best value for the Department, and 
striving for a wise use of public resources while maintaining our clean 
audit opinion, mitigating risks, and incorporating lessons learned. We 
cannot keep patching our legacy systems at components and never realize 
the benefits that come from moving to a modern integrated business 
solution that meets our requirements. We will continue to keep you 
updated on the progress of our plan for the transition from IBC.
    Chairman Perry, Ranking Member Correa, and distinguished Members of 
the subcommittee, thank you again for the opportunity to testify today 
and I look forward to your questions.

    Mr. Perry. Thank you, Mr. Fulghum.
    The Chair now recognizes Ms. Singer for an opening 
statement.
    Ma'am.

  STATEMENT OF MICHELE F. SINGER, DIRECTOR, INTERIOR BUSINESS 
            CENTER, U.S. DEPARTMENT OF THE INTERIOR

    Ms. Singer. Thank you. Chairman Perry, Ranking Member 
Correa, and Members of the subcommittee, thank you for this 
opportunity to discuss the Department of Homeland Security 
financial system modernization program.
    I am Michele Singer, the director of the Interior Business 
Center at the U.S. Department of the Interior, and I began 
overseeing this program for IBC in April 2016.
    The Interior Business Center is a certified Federal shared 
service provider in financial management and human resources 
and payroll. We are also an authorized provider for acquisition 
services. Currently, we serve more than 170 Federal agencies 
and organizations. Like other shared service providers, IBC 
supports customer agencies' missions by providing critical 
business and administrative support.
    The Interior Business Center operates a customer-funded, 
full cost-recovery business model and does not receive any 
appropriated funds. These unique circumstances can present 
significant challenges for scaleability, particularly in 
migrating Cabinet-level agency components to a common shared 
service solution.
    In partnership with IBC since 2014, DHS has undertaken an 
effort to modernize, consolidate, and integrate the agency's 
vast financial resources and assets. The scheduling costs 
provided for in this project were based on requirements 
designed to be implemented and shared across the DHS TRIO 
component. Over evolution of this program, the identification 
of additional requirements resulted in a deviation from a 
shared model to a more customized and expensive solution. 
Increasing resources to accommodate these needs has and will 
continue to increase the overall cost of the program.
    The engagement between IBC and DHS has resulted in the 
creation of valuable assets. These assets can and will be 
transitioned, ensuring that the investments made to date are 
preserved. This program has experienced a number of complex and 
multifaceted challenges, yet it has also provided for an 
opportunity for lessons learned regarding the feasibility and 
execution of the shared services implementation of a large 
federated agency.
    I would like to highlight just a few of those lessons 
learned for you today. To achieve strong adoption of standard 
business processes, customer agencies must evaluate their 
complex business processes with a willingness to differentiate 
and potentially eliminate those disparate processes that are 
not legally mandated.
    With shared services model, existing business processes 
must converge into unified processes that can be shared amongst 
all components and amongst different agencies. This requires a 
strong centralized management team designated in power to drive 
standardization. Someone must have the authority to say no to 
individualized requests supporting a single component. Customer 
agencies must have a clearly-defined communications strategy 
that ensures all stakeholders are engaged at appropriate times 
and the customer agencies should not defer to a service 
provider to communicate across its organization.
    Service providers must help a customer agency execute a 
comprehensive training plan that needs to ensure employees 
understand how to do their jobs within new processes, not just 
how to operate the system.
    Moving to a shared service provider for mission support 
services is challenging; however, with effective change 
management plan and business process reengineering, Federal 
agencies can modernize their financial management systems and 
realize the benefits of a shared service solution.
    Thank you for this opportunity, and I do look forward to 
your questions.
    [The prepared statement of Ms. Singer follows:]
                Prepared Statement of Michele F. Singer
                           September 26, 2017
    Chairman Perry, Ranking Member Correa, and Members of the 
subcommittee, thank you for this opportunity to discuss the Department 
of Homeland Security (DHS) Financial Systems Modernization (FSM) 
Program. I am Michele Singer, the director of the Interior Business 
Center (IBC) at the U.S. Department of the Interior (Interior). I began 
overseeing the DHS FSM Program for IBC in April 2016.
    The Interior Business Center is a certified Federal shared services 
provider in financial management and human resources/payroll, and an 
authorized provider for acquisition services. Currently, we serve more 
than 170 Federal agencies and organizations, and like other shared 
service providers, IBC supports customer agencies' missions by 
providing critical business and administrative support services.
    In partnership with IBC since 2014, DHS has undertaken an effort to 
modernize, consolidate, and integrate the agency's vast financial 
resources and assets. The DHS FSM Program included prioritization of 
the DHS components with the most critical business need to modernize 
their financial management systems. Integration of the modernized 
financial systems with asset management and acquisition systems would 
result in component-level integrated financial management systems. With 
this effort, DHS became the first Cabinet-level agency to engage a 
Federal shared services provider to modernize its core financial 
system.
    Following the roadmap defined by the Office of Management and 
Budget and the Department of the Treasury Office of Financial 
Innovation and Transformation that encouraged agencies to use certified 
Federal providers for their future modernization efforts, IBC and DHS 
entered into an interagency agreement (IAA) for the financial system 
implementation of the DHS ``Trio'' components: USCG, TSA, and DNDO. 
Before signing the agreement in August 2014, IBC completed a discovery 
effort with DHS to determine if IBC's Federalized Oracle Federal 
Financials solution \1\ would meet the financial management systems 
needs of the DHS Trio components.
---------------------------------------------------------------------------
    \1\ Using off-the-shelf functionality as a baseline, IBC implements 
and maintains a preconfigured version of Oracle Federal Financials that 
incorporates processes common to Federal agencies. The application is 
hosted in a shared environment. In addition to the integrated modules 
that make up the core financials solution, the preconfigured version 
supported by IBC also includes a set of standard reports, which 
provides general data elements that are used by most Federal agencies.
---------------------------------------------------------------------------
    The IBC operates a customer-funded, full-cost recovery business 
model in the working capital fund and Interior Franchise Fund and does 
not receive appropriated funds.\2\ These unique circumstances can 
present significant challenges for scalability, particularly in 
migrating Cabinet-level agency components to a common, shared service 
solution. The schedule and costs presented in the IAA were based on 
specific requirements designed to be implemented and shared across the 
DHS Trio components. Over the evolution of this program, the 
identification of additional, unique DHS and component requirements 
resulted in a deviation from a shared model to a more customized and 
expensive solution. Increasing resources to accommodate the more custom 
solution has--and will continue to--increase the overall cost of the 
DHS FSM Program.
---------------------------------------------------------------------------
    \2\ Interior's Working Capital Fund was established pursuant to 43 
U.S. Code Sec. 1467. The Interior Franchise Fund was established 
pursuant to the Omnibus Consolidated Appropriations Act of 1997, Pub. 
L. 104-208.
---------------------------------------------------------------------------
    In January 2017, IBC and DHS began planning for a transition of the 
DHS FSM Program components to a new environment. Transitioning the 
program to a DHS-only environment has been chosen as the path forward 
due to the unique and complex requirements that are incongruous with 
the shared service model.
    The engagement between the IBC and DHS has resulted in the creation 
of valuable assets that can and will be transitioned, ensuring that the 
investments made to date are preserved. This program has experienced a 
number of complex and multifaceted challenges, yet it has also provided 
an opportunity for lessons learned regarding the feasibility and 
execution of a shared services implementation for a large, federated 
agency. I would like to highlight some of these lessons learned for the 
subcommittee today.
              business process documentation and redesign
    To successfully implement a shared service solution, customer 
agencies play an important role in their organizations' change 
management. To achieve strong adoption of standard business processes, 
customer agencies must evaluate their complex business processes with a 
willingness to differentiate (and potentially eliminate) disparate 
processes that are not legally mandated. Additionally, a documented 
approach for transition, arbitration, and change management must be 
communicated and understood by all agency components, obtaining buy-in 
and understanding of how the new system will operate.
                               governance
    With a shared service model, existing business processes must 
converge into unified standard processes that can be shared between all 
components within an agency. This requires a strong, centralized 
management team designated and empowered to drive standardization 
across the entire organization. Someone must have the authority to say 
``no'' to individualized requests supporting a single component.
                stakeholder communication and engagement
    Customer agencies must have a clearly-defined communication 
strategy that ensures that all stakeholders are engaged at the 
appropriate times. The customer agency should not defer to or rely on 
the service provider to communicate across its organization.
                                training
    Service providers should help customer agencies execute a 
comprehensive training plan that ensures employees understand how to do 
their jobs within the new processes, not just how to use the system. 
This training should include a crosswalk, comparing how business 
processes are done today with how they will be done in the new system.
    Moving to a shared provider for mission support services is 
challenging. However, with an effective change management plan and 
business process reengineering, Federal agencies can modernize their 
financial management systems and realize the benefits of a shared 
service solution.
    Thank you and I look forward to your questions.

    Mr. Perry. The Chair thanks you, Ms. Singer.
    The Chair now recognizes Ms. Angerman for an opening 
statement.

  STATEMENT OF ELIZABETH ANGERMAN, EXECUTIVE DIRECTOR, UNITED 
 SHARED SERVICES MANAGEMENT, OFFICE OF GOVERNMENT-WIDE POLICY, 
              U.S. GENERAL SERVICES ADMINISTRATION

    Ms. Angerman. Thank you. Chairman Perry, Ranking Member 
Correa, and Members of the committee, it is a pleasure to 
appear before you today.
    My name is Beth Angerman and I am the executive director of 
the Unified Shared Services Management Office in the General 
Services Administration. I have served the Federal Government 
as a career employee for 12 years and spent the majority of my 
career focused on Government-wide programs helping to 
consolidate and centralize common administrative activities.
    My comments today will focus on the potential benefits that 
shared services could bring to the Federal Government and the 
lessons learned that are shaping the path forward.
    The need for modernization of aging and high-risk IT 
systems is an on-going concern for senior leadership across the 
Federal landscape. The challenge of funding, managing, and 
securing legacy systems distracts resources from the critical 
missions that Federal agencies are accountable to deliver.
    Furthermore, the work force is performing very similar and 
duplicative work across Government and is doing so oftentimes 
following manual and legacy processes.
    Agencies have been asked to assess how they can reduce this 
duplication and put more resources on mission work. Shared 
services is an industry best practice that can help.
    The USSM office was created within GSA in 2015 to design 
the standards for more integrated solutions across 
administrative functions, provide transparency into the 
performance of shared service providers, and to provide advice 
and best practices to agencies who are planning these kinds of 
transformative efforts.
    The Federal Government has been sharing services for more 
than 40 years, but with varying degrees of success. In 2004, 
the Government consolidated 26 different payroll systems to 
four and saved the Government over $1 billion over 10 years. 
More than 70 percent of the Government is using a shared 
solution for personnel action processing systems and over 85 
percent of all payments are processed from a centralized system 
at the Department of Treasury.
    Despite this progress, the Government still lags behind 
private industry in adopting shared services as a best 
practice. The Federal Government has over 100 time-and-
attendance systems and over 40 financial management systems. 
These are just two of several examples of the duplications that 
exist today.
    The Government can do better, but we must acknowledge the 
lessons learned as critical input to the strategy moving 
forward. Those lessons and best practices are published in a 
playbook by USSM to assist agencies in the pivot to a shared 
environment.
    USSM engaged with several agencies, including the 
Departments of the Interior and Homeland Security, and industry 
experts to inform the creation of the USSM playbook. The 
partnerships delivered a functional financial management 
solution that DHS is confident will meet the majority of their 
complex needs and they intend to protect the investment as they 
transition forward.
    Over the course of the last 2 years, USSM has informed the 
program on best practices to improve change management, 
integrated project management and risk management, and many 
improvements were made. However, the gap between the complex 
needs of a large Cabinet-level agency like DHS and the intended 
service delivery mode at IBC has led these agencies to end 
their partnership. This experience has uncovered a critical 
opportunity for the Government to document what capabilities it 
requires in the future of administrative systems.
    USSM has designed a methodology and governance structure 
for capturing and maintaining those requirements inclusive of 
standard data definitions. The Federal community will need to 
reconcile the differences that exist among them today and agree 
on standard business rules for common functions. While 
uniquenesses do exist because of vastly different missions and 
legislation, it is a common belief that there is more alike 
about us than different.
    This work, coordinated by my office, will allow the 
Government to leverage its buying power and manage risk by 
sharing the burden of maintaining and securing technology with 
industry.
    The Government has too many legacy systems today. If we let 
agencies replace those systems without consolidating, we will 
be building the legacy systems of tomorrow without access to 
capital to maintain them. This is challenging work and it 
requires leadership to see the long-term potential, but if we 
are successful we will have more time, energy, and resources to 
dedicate to missions and better meet the needs of American 
taxpayers.
    I am grateful for the opportunity to speak with you today, 
and I would welcome any questions from the committee.
    [The prepared statement of Ms. Angerman follows:]
                Prepared Statement of Elizabeth Angerman
                           September 26, 2017
    Chairman Perry, Ranking Member Correa, and Members of the 
subcommittee, it is a pleasure to appear before you today. My name is 
Elizabeth Angerman and I am the executive director of the Office of 
Unified Shared Services Management at the U.S. General Services 
Administration (GSA). My comments today will focus on the potential 
benefits that shared services could bring to the Federal Government and 
the lessons learned that are shaping the role that GSA will play to 
help agencies recognize those benefits.
    The need for modernization of aging and high-risk IT systems is an 
on-going concern for senior leadership across the Federal landscape. 
The challenge of funding, managing, and securing legacy systems 
distracts resources from the critical missions that Federal agencies 
are accountable to deliver. Furthermore, common processes to hire and 
retain Federal employees, process accounting transactions, and procure 
goods and services are also decentralized, redundant, and often manual. 
As agencies investigate ways to allocate more resources to their 
missions, GSA is well-positioned to advise agencies on best practices 
related to shared services and, more importantly, leverage the buying 
power of the Federal Government to provide contracts and services that 
deliver both modern technology and services that will drive 
standardization and efficiency across Government.
    The Unified Shared Services Management (USSM) office was created 
within GSA in 2015 to design the standards for more integrated 
solutions of administrative functions across lines of business, provide 
transparency into the performance of Federal Shared Service Providers 
to inform agency decision making, and to provide advice and guidance to 
agencies that are planning for new administrative solutions based on 
lessons learned and best practices. USSM's mission is to transform the 
way Government does business internally to improve the way the 
Government serves the American public. Given declining resources and a 
need to focus more on mission, the time has never been more right to 
understand how increased sharing can help agencies address these 
challenges.
    The Federal Government has been sharing services for more than 40 
years with varying degrees of success. In 2004, the Government 
consolidated 26 different payroll systems to four, which saved the 
Government over $1 billion over 10 years.\1\ Today, more than 70 
percent of Federal Government agencies use a shared solution for 
personnel action processing systems, and over 85 percent of payments 
are processed from a centralized system at the U.S. Department of 
Treasury. Last year, the U.S. Government Accountability Office (GAO) 
stated that ``moving to shared services can save the Federal Government 
billions of dollars as well as reduce duplicative efforts, decrease 
systems upgrades, and free up resources for mission-critical 
activities'' (GAO Report 16-477).
---------------------------------------------------------------------------
    \1\ https://www.opm.gov/services-for-agencies/hr-line-of-business/
cost-benefit-analysis/fy-2011-cost-benefit-analysis-report.pdf.
---------------------------------------------------------------------------
    Despite this progress, the Government still lags behind private 
industry in adopting shared services for daily business operations. In 
comparison, over 90 percent of Fortune 500 companies have implemented 
shared services.\2\ IBM, for example, in its Center for the Business of 
Government report, stated it reduced spending by $4 billion over 4 
years through its own reorganization to a shared services model. 
Procter and Gamble saved $900 million in cost savings over an 8-year 
transformation. The Technology CEO Council, comprised of chief 
executive officers from some of America's largest IT companies, 
estimates shared services could lead to $47 billion in cost reductions 
for the Government over 10 years.\3\
---------------------------------------------------------------------------
    \2\ https://www.pwc.com/us/en/outsourcing-shared-services-centers/
assets/hfs-report-pwc-developing-framework-global-services.pdf.
    \3\ ``The Government We Need'', Technology CEO Council, January 
2016.
---------------------------------------------------------------------------
    The potential of shared services to save taxpayers money and make 
Government more efficient is clear, but there is still much work to be 
done to fully realize these benefits. According to the Office of 
Personnel Management's 2015 Human Resources Line of Business Strategic 
Framework, the Federal Government has over 100 time and attendance 
systems. The fiscal year 2016 Cross-Agency Priority Goal Report reports 
that the Federal Government has over 40 financial management systems, 
with many ancillary add-ons. While successful adoption of shared 
services has seen various levels of success across Government, these 
numbers alone clearly show this is an effort that should not be 
abandoned. Instead, the Government must acknowledge the lessons learned 
from both successes and failures as critical input to the shared 
service strategy moving forward. It is USSM's mission to ensure this 
happens.
    Over the last 2 years, USSM has consulted with many agencies that 
have partnered with Federal Shared Service Providers to provide advice 
and guidance on best practices and lessons learned to improve the 
likelihood of successful migrations and modernizations. These lessons 
and best practices impact both the behavior of customers (demand) and 
the expectations of providers (supply), and are published in a playbook 
to assist agencies in the pivot to a shared operational environment. 
The playbook provides guidance, templates, and a coordinated review 
process that can inform management and oversight of these investments 
and migrations.
    As part of its outreach, USSM engaged with the U.S. Department of 
Homeland Security (DHS) and the U.S. Department of the Interior to 
inform the creation of the USSM playbook. The partnership delivered a 
functional financial management solution that DHS claims meets the 
majority of their complex needs and they intend to protect the 
investment as they transition to the path forward. Over the course of 
the last 2 years, USSM has informed the program on best practices to 
improve change management, integrated program management, and risk 
management, and many improvements have been made. However, the gap 
between the complex needs of a large Cabinet-level agency like DHS and 
the current service delivery model at the Interior Business Center has 
led to the decision to end the partnership and for DHS to reclaim 
ownership of the system. We will continue to use our expertise to 
consult with DHS and other agencies, as appropriate, in their journey 
to modernize and improve their common administrative functions.
    The challenge for the Federal Government is that we have not been 
able to articulate, in a coordinated and consistent way, the agreed-
upon business needs for common administrative systems and/or services. 
The shared solutions available to agencies today were not designed to 
meet the all-encompassing needs of large, Cabinet-level agencies. To 
address the lack of Government-wide standards, USSM has designed a 
methodology and governance structure for capturing and maintaining 
those standards, inclusive of required capabilities, data definitions, 
and the intersection of processes across multiple lines of business. 
The process to develop these standards involves many agencies working 
across administrative functions to deliver a Government-wide framework 
that can be the common baseline moving forward. While unique 
requirements do exist because of vastly different missions and 
statutory authorizations, it is a common belief that there is more 
about administrative functions that is alike than different. This work, 
coordinated by GSA USSM, will allow the Government to leverage its 
buying power for common capabilities and share the burden of 
maintaining and securing technology with industry. This is particularly 
critical as many of these common functions rely on legacy systems. With 
the right strategy, we cannot only retire these legacy systems, but 
also avoid building a new generation of future legacy systems by 
partnering with the private sector to get modern technology and keep 
that technology modern in the future.
    GSA's effort to advance shared services is about delivering a more 
efficient Government for the American people. The challenge we face 
collectively is how to manage the risk and reduce the barriers to 
successful modernization and migration. If we are successful in 
improving and consolidating mission support services, agencies will 
have resources to dedicate more time, energy, and funding to their 
missions to better satisfy the needs of the American public.
    I am grateful for the opportunity to speak with you today and look 
forward to working with the committee on our mutual goal of advancing a 
Government that works better and costs less.
    Thank you for your time today and I welcome any questions from the 
subcommittee.

    Mr. Perry. Thank you, Ms. Angerman.
    The Chair now recognizes Mr. Khan for an opening statement.

 STATEMENT OF ASIF A. KHAN, DIRECTOR, FINANCIAL MANAGEMENT AND 
        ASSURANCE, U.S. GOVERNMENT ACCOUNTABILITY OFFICE

    Mr. Khan. Good afternoon, Chairman Perry, Ranking Member 
Correa, and Members of the subcommittee.
    I am here to discuss our recent work on the Department of 
Homeland Security's effort to improve its financial management 
and reporting and the difficult challenges they face.
    I would like to thank the subcommittee for holding this 
hearing.
    DHS's ability to manage its operations and reasonably 
ensure effective financial management has been hampered by 
deficiencies in its internal controls and its financial 
management systems. These deficiencies contributed to our 
decisions in designating DHS's management functions, including 
financial management, as a high risk in 2003.
    DHS has received a clean opinion on its financial 
statements for the past 4 years, which is commendable; however, 
financial management system deficiencies have continued to 
persist and contribute to a material weakness in DHS internal 
controls over financial reporting.
    Today, I will discuss the results of our recent review of 
DHS efforts to modernize its financial management systems that 
will assist in sustaining the clean opinion on its financial 
statements and help achieve effective internal controls over 
financial reporting management decision making.
    We reported in 2013 on challenges related to DHS's previous 
attempts to implement a Department-wide integrated financial 
management system. We also reported on material weaknesses that 
limit DHS's ability to process, store, and report financial 
data. Since our last report, DHS has adopted a decentralized 
approach evaluating options for modernizing its systems, 
including the use of shared service providers.
    As part of this effort, DHS initiated their TRIO project 
focused on migrating three DHS components, the Domestic Nuclear 
Detection Office, the Transportation Security Administration, 
and the Coast Guard, to a modernized financial management 
system provided by the Department of Interior's Interior 
Business Center, the IBC.
    The TRIO project is a key effort to address longstanding 
system deficiencies. Assessing and managing the risks 
associated with the projects are essential to realizing DHS's 
modernization goals.
    In our recent review, we found that DHS and the TRIO 
components did not fully follow best practices for conducting 
alternatives analysis for modernizing their financial 
management systems or for managing the risks related to its use 
of IBC on the TRIO project. We have made recommendations to 
address these concerns.
    Certain key challenges impacting the TRIO project emerged 
from our interviews with DHS, IBC, OMB, and other oversight 
agencies. We grouped these challenges into five broad 
categories. First, project resources. IBC experienced 
significant turnover in key positions over the course of this 
project.
    Second, project schedule. Migrating the TRIO components to 
IBC within the original time frame was a significant challenge, 
given the overall magnitude and complexity of the project.
    Third, complex requirements. Early in the TRIO project, DHS 
and IBC agreed to use a newer and unproven technology in this 
environment, which introduced additional complexity to the 
project's requirements.
    Fourth, project costs. These increased significantly due to 
schedule delays, unanticipated complexities, and other 
challenges.
    Last, project management and communication. The TRIO 
project team primarily focused on the delivery of technology at 
the expense of other project management activities, such as 
organizational change management and communication management. 
Eventually, in January 2017, DHS and IBC formed a joint 
contingency plan working group to assess options for addressing 
these challenges. A few months later, DHS decided that 
migrating the TRIO components from IBC to a DHS data center was 
the best option for its path forward.
    Through continued reliance on compensating controls and 
complex manual workarounds, DHS has been able to achieve a 
clean audit opinion on its financial statements. However, DHS 
will continue to face challenges to establishing effective 
internal controls over financial reporting because of the lack 
of effective financial systems and related processes.
    Fully incorporating best practices and lessons learned from 
prior commutation efforts would help DHS achieve its goal of 
modernizing financial systems which are critical to 
establishing sound internal controls that safeguard assets and 
ensure proper accountability as well as provide reliable, 
timely, and useful information to support day-to-day decision 
making and oversight.
    To support this subcommittee's oversight, GAO will continue 
monitoring the Department's financial management improvement 
efforts.
    Chairman Perry, Ranking Member Correa, and Members of the 
subcommittee, this concludes my statement. I will be pleased to 
respond to any questions that you have at this time. Thank you.
    [The prepared statement of Mr. Khan follows:]
                   Prepared Statement of Asif A. Khan
                           September 26, 2017
    Chairman Perry, Ranking Member Correa, and Members of the 
subcommittee: I am pleased to be here today to discuss the findings 
from our report being released today on the Department of Homeland 
Security's (DHS) recent financial management system modernization 
efforts.\1\ Since DHS's creation in 2003, its ability to manage 
operations and reasonably assure effective financial management has 
been hampered by significant internal control and financial management 
system deficiencies. These deficiencies contributed to our decision to 
designate DHS's management functions, including financial management, 
as high-risk.\2\
---------------------------------------------------------------------------
    \1\ GAO, DHS Financial Management: Better Use of Best Practices 
Could Help Manage System Modernization Project Risks, GAO-17-799 
(Washington, DC: Sept. 26, 2017).
    \2\ GAO, High-Risk Series: Progress on Many High-Risk Areas, While 
Substantial Efforts Needed on Others, GAO-17-317 (Washington, DC: Feb. 
15, 2017), and High-Risk Series: An Update, GAO-03-119 (Washington, DC: 
January 2003). In 2013, we changed the name of this high-risk area from 
``Implementing and Transforming DHS'' to ``Strengthening DHS Management 
Functions'' to recognize DHS's progress in its implementation and 
transformation since its creation, as well as to focus on its remaining 
challenges in strengthening its management functions and integrating 
those functions across the Department. The ``Strengthening DHS 
Management Functions'' high-risk area includes challenges in 
acquisition, information technology, human capital, and financial 
management.
---------------------------------------------------------------------------
    In 2013, we reported on challenges related to DHS's previous 
attempts to implement a Department-wide integrated financial management 
system as well as specific actions and outcomes related to modernizing 
financial management systems that are critical to addressing high-risk 
issues.\3\ We also reported on the existence of certain material 
weaknesses that limited DHS's ability to process, store, and report 
financial data in a manner that ensures accuracy, confidentiality, 
integrity, and availability of data without substantial manual 
intervention.\4\ DHS subsequently adopted a decentralized approach to 
upgrade or replace legacy financial management systems and has been 
evaluating various options for modernizing its systems, including the 
use of shared service providers (SSP). As part of this effort, DHS 
initiated the TRIO project, which has focused on migrating the Domestic 
Nuclear Detection Office (DNDO), Transportation Security Administration 
(TSA), and U.S. Coast Guard (Coast Guard), or ``the TRIO components,'' 
to a modernized financial management system solution provided by the 
Department of the Interior's Interior Business Center (IBC). The TRIO 
project represents a key effort to address long-standing financial 
management system deficiencies, and DHS's efforts to effectively assess 
and manage risks associated with this project are essential to 
realizing its modernization goals.
---------------------------------------------------------------------------
    \3\ GAO, DHS Financial Management: Additional Efforts Needed to 
Resolve Deficiencies in Internal Controls and Financial Management 
Systems, GAO-13-561 (Washington, DC: Sept. 30, 2013).
    \4\ A material weakness is a deficiency, or a combination of 
deficiencies, in internal control over financial reporting such that 
there is a reasonable possibility that a material misstatement of the 
entity's financial statements will not be prevented, or detected and 
corrected, on a timely basis. A deficiency in internal control exists 
when the design or operation of a control does not allow management or 
employees, in the normal course of performing their assigned functions, 
to prevent, or detect and correct, misstatements on a timely basis.
---------------------------------------------------------------------------
    In 2013, the Office of Management and Budget (OMB) issued direction 
to agencies to consider Federal SSPs as part of their alternatives 
analysis.\5\ Subsequently, in May 2014, OMB and the Department of the 
Treasury (Treasury) designated IBC as one of four Federal SSPs for 
financial management to provide core accounting and other services to 
Federal agencies.\6\ In addition, Treasury's Office of Financial 
Innovation and Transformation's (FIT) responsibilities related to the 
governance and oversight of Federal SSPs were subsequently transferred 
to the Unified Shared Services Management office (USSM) after USSM was 
established in October 2015 as an entity within the General Services 
Administration.
---------------------------------------------------------------------------
    \5\ Office of Management and Budget, Improving Financial Systems 
Through Shared Services, OMB Memorandum M-13-08 (Washington, DC: Mar. 
25, 2013). According to this memorandum, agencies must consider, as 
part of their alternatives analysis, the use of a Federal SSP, and OMB 
will consider funding the use of commercial SSPs as an appropriate 
solution if the agency's business case demonstrates that a commercial 
SSP can provide a better value to the Federal Government than a Federal 
solution.
    \6\ Office of Management and Budget and Department of the Treasury, 
Reducing Costs and Improving Efficiencies Through Federal Shared 
Service Providers for Financial Management (May 2, 2014), accessed 
August 3, 2017, https://www.treasury.gov/connect/blog/Pages/Shared-
Service-Providers-for-Financial-Management.aspx.
---------------------------------------------------------------------------
    This statement summarizes our report that examined: (1) The extent 
to which DHS and the TRIO components followed best practices in 
analyzing alternatives, and the key factors, metrics, and processes 
used in their choice of a modernized financial management system; (2) 
the extent to which DHS managed the risks of using IBC for its TRIO 
project consistent with risk management best practices; and (3) the key 
factors and challenges that have impacted the TRIO project and DHS's 
plans for completing the remaining key priorities.
    To accomplish these objectives, we interviewed key officials and 
reviewed relevant documents. We compared the information we obtained 
to: (1) GAO-identified best practices for conducting an analysis of 
alternatives (AOA) process and related characteristics of a reliable, 
high-quality AOA process \7\ and (2) best practices published by the 
Software Engineering Institute (SEI) for preparing for risk management, 
identifying and analyzing risks, and mitigating identified risks.\8\ We 
also reviewed TRIO components' alternatives analyses documentation and 
evaluated their processes and related DHS guidance against the GAO-
identified 22 best practices for conducting an AOA process. In 
addition, we reviewed DHS's and the TRIO components' risk management 
guidance and compared documentation and information obtained supporting 
their risk management efforts to best practices published by SEI. We 
also met with DHS, IBC, FIT, and USSM officials as well as OMB staff to 
obtain their perspectives on key factors and challenges that have 
impacted the TRIO project and DHS's plans for completing remaining 
priorities. The work on which this statement is based was performed in 
accordance with generally accepted Government auditing standards. More 
details on our scope and methodology can be found in appendix I of our 
report.
---------------------------------------------------------------------------
    \7\ GAO, Amphibious Combat Vehicle: Some Acquisition Activities 
Demonstrate Best Practices; Attainment of Amphibious Capability to be 
Determined, GAO-16-22 (Washington, DC: Oct. 28, 2015). That report 
updated the AOA best practices initially published in GAO, DOE, and 
NNSA Project Management: Analysis of Alternatives Could Be Improved by 
Incorporating Best Practices, GAO-15-37 (Washington, DC: Dec. 11, 
2014). These AOA best practices are based on long-standing, fundamental 
tenets of sound decision making and economic analysis and were 
identified by compiling and reviewing commonly-mentioned AOA policies 
and guidance that are known to and have been used by Government and 
private-sector entities. App. II of our report provides additional 
details on GAO-identified AOA best practices and their relationship to 
the four characteristics of a reliable, high-quality AOA process; see 
GAO-17-799.
    \8\ Software Engineering Institute, Capability Maturity Model 
Integration (CMMI) for Acquisition, Version 1.3, CMU/SEI-2010-TR-032 
(Hanscom Air Force Base, MA: November 2010).
---------------------------------------------------------------------------
    In brief, we found that DHS and the TRIO components did not fully 
follow best practices for conducting an AOA process and managing the 
risks of using IBC on the TRIO project, and we made two recommendations 
to address these concerns. DHS agreed with both recommendations and has 
taken action or has plans to implement them. In addition, we found that 
insufficient resources, complex requirements, and other challenges have 
impacted the TRIO project and contributed to a 2-year delay now 
expected in the implementation of Coast Guard's and TSA's modernized 
solution. In May 2017, DHS determined that migrating away from IBC to a 
DHS data center represented the best path forward.
              dhs did not always follow aoa best practices
DNDO Substantially Met and Coast Guard and TSA Partially Met Best 
        Practices for Conducting AOAs
    During 2012 and 2013, the TRIO components each completed an 
alternatives analysis to determine a preferred alternative for 
modernizing their financial management systems. Based on our assessment 
of these analyses, we found that DNDO substantially met the four 
characteristics that encompass the GAO-identified 22 best practices for 
conducting a reliable, high-quality AOA process, while the Coast Guard 
and TSA both substantially met one and partially met three of these 
four characteristics. For example, although TSA's alternatives analysis 
substantially met the ``credible'' characteristic, it partially met the 
``well-documented'' characteristic, in part, because risk mitigation 
strategies, assumptions, and constraints associated with each 
alternative were not discussed in its analysis. Similarly, Coast 
Guard's alternatives analysis substantially met the ``comprehensive'' 
characteristic; however, it partially met the ``credible'' 
characteristic, in part, because there was no indication that it 
contained sensitivity analyses on the impact of changing assumptions on 
its overall costs or benefits analyses. Our assessment is summarized in 
table 1.

 TABLE 1: DHS TRIO COMPONENTS' ADHERENCE TO CHARACTERISTICS OF A RELIABLE, HIGH-QUALITY ANALYSIS OF ALTERNATIVES
                                                     PROCESS
----------------------------------------------------------------------------------------------------------------
                                                               Overall GAO Assessment
        AOA Characteristic        ------------------------------------------------------------------------------
                                          Coast Guard                    TSA                      DNDO
----------------------------------------------------------------------------------------------------------------
Well-documented..................  Partially met............  Partially met...........  Substantially met.
Comprehensive....................  Substantially met........  Partially met...........  Substantially met.
Unbiased.........................  Partially met............  Partially met...........  Substantially met.
Credible.........................  Partially met............  Substantially met.......  Substantially met.
----------------------------------------------------------------------------------------------------------------
Source: GAO assessment of TRIO component information. For additional information on the methodology used to
  assess TRIO components' adherence to characteristics of a reliable analysis of alternatives process, see GAO-
  17-799/GAO-17-803T.
Legend: Coast Guard = U.S. Coast Guard; DHS = Department of Homeland Security; DNDO = Domestic Nuclear Detection
  Office; TSA = Transportation Security Administration.

    Further, we found that DHS's guidance did not fully or 
substantially incorporate 5 of the GAO-identified 22 best practices. 
For example, although the guidance addressed risk management in general 
terms, it did not detail the need to document risk mitigation 
strategies for each alternative or address the need for an independent 
review--one of the most reliable means to validate an AOA process. 
Based on these analyses and other factors, the TRIO components 
determined that migrating to a Federal SSP represented the best 
alternative, and in 2014, DHS selected IBC as the Federal SSP for the 
project. However, because Coast Guard's and TSA's alternatives analyses 
did not fully or substantially reflect all of the characteristics noted 
above, we concluded that they are at increased risk that the 
alternative selected may not achieve mission needs. In our report, we 
made a recommendation for DHS to develop and implement effective 
processes and improve guidance to reasonably assure that future 
alternatives analyses fully follow AOA process best practices and 
reflect the four characteristics of a reliable, high-quality AOA 
process. In commenting on our report, DHS concurred with GAO's 
recommendation and stated that it has issued guidance and instructions 
that addressed the recommendation. As part of our recommendation 
follow-up process, we will review DHS's guidance and other relevant 
information.
 dhs met three and partially met four best practices for managing the 
                risks of using ibc for the trio project
    Risk management best practices call for the identification of 
potential problems before they occur so that risk-handling activities 
can be planned throughout the life of the project to mitigate adverse 
impacts on achieving objectives. These best practices involve the 
following goals: Preparing for risk management, identifying and 
analyzing risks, and mitigating identified risks.\9\ Based on our 
evaluation, we found that DHS's processes did not fully follow best 
practices for managing project risks related to its use of IBC on the 
TRIO project. Specifically, we determined that DHS's processes met 
three of seven risk management best practices but partially met the 
remaining four best practices largely because its guidance did not 
sufficiently address these best practices. For example, although DHS 
created joint teams with IBC and provided additional resources to IBC 
to help address mitigation concerns, it did not always develop 
sufficiently detailed risk mitigation plans that included contingency 
plans for selected critical risks in the event that their impacts are 
realized. As a result, although IBC's capacity and experience for 
migrating large agencies the size of Coast Guard and TSA was identified 
as a risk in July 2014, a contingency plan working group to address 
this and other concerns was not established until January 2017. Table 2 
summarizes the extent to which DHS followed these seven best practices 
for managing TRIO project risks.
---------------------------------------------------------------------------
    \9\ Software Engineering Institute, CMMI for Acquisition, Version 
1.3.

     TABLE 2: DEPARTMENT OF HOMELAND SECURITY'S ADHERENCE TO BEST PRACTICES FOR MANAGING TRIO PROJECT RISKS
----------------------------------------------------------------------------------------------------------------
              Best Practice                            Practice Statement                   GAO Assessment
----------------------------------------------------------------------------------------------------------------
Goal 1: Prepare for risk management:
 Preparation for risk management is
 conducted:
      Determine risk sources and           Determine risk sources and categories....  Met.
       categories.
      Define risk parameters.............  Define parameters used to analyze and      Partially met.
                                            categorize risks and to control the risk
                                            management efforts.
      Establish a risk management          Establish and maintain the strategy to be  Met.
       strategy.                            used for risk management.
Goal 2: Identify and analyze risks: Risks
 are identified and analyzed to determine
 their relative importance:
      Identify risks.....................  Identify and document risks..............  Partially met.
      Evaluate, categorize, and            Evaluate and categorize each identified    Met.
       prioritize risks.                    risk using defined risk categories and
                                            parameters, and determine each risk's
                                            relative priority.
Goal 3: Mitigate risks: Risks are handled
 and mitigated as appropriate to reduce
 adverse impacts on achieving objectives:
      Develop risk mitigation plans......  Develop a risk mitigation plan in          Partially met.
                                            accordance with the risk management
                                            strategy.
      Implement risk mitigation plans....  Monitor the status of each risk            Partially met.
                                            periodically and implement the risk
                                            mitigation plan as appropriate.
----------------------------------------------------------------------------------------------------------------
Source: Software Engineering Institute (best practices) and GAO analysis of DHS data. For additional information
  on the methodology used to assess DHS's adherence to risk management best practices, see GAO-17-799/GAO-17-
  803T.
Legend: DHS = Department of Homeland Security; Met = DHS-documented processes generally satisfied all elements
  of the specific practice; Partially met = DHS-documented processes generally satisfied some but not all
  elements of the specific practice.

    According to DHS officials, DHS relied heavily on IBC to manage 
risks associated with the TRIO project and, in particular, those for 
which IBC was assigned as the risk owner. They also acknowledged DHS's 
responsibility for overseeing IBC's TRIO project risk management 
efforts and described various actions taken to address growing concerns 
regarding IBC's efforts, such as offering DHS assistance to IBC's 
project management functions to help reduce exposure of underlying 
risks. Despite these efforts, DHS officials stated that challenges 
associated with the interagency agreement structure and terms of the 
performance work statement with IBC on the TRIO project limited DHS's 
visibility into IBC's overall cost, schedule, and performance controls 
and ability to oversee IBC's risk management efforts.
    Further, the issues associated with the best practices we assessed 
as partially met were largely attributable to limitations in DHS and 
TRIO project guidance and policies. We concluded that by not adopting 
important elements of risk management best practices into project 
guidance, DHS and the TRIO components increase the risk that potential 
problems would not be identified before they occur and that activities 
to mitigate adverse impacts would not be effectively planned and 
initiated.
    In our report, we made a recommendation for DHS to improve its Risk 
Management Planning Handbook and other relevant guidance for managing 
risks associated with financial management system modernization 
projects to fully incorporate risk management best practices. In 
commenting on our report, DHS concurred with GAO's recommendation and 
identified actions it plans to take to implement it.
 key factors and challenges impacting the trio project and dhs's path 
                                forward
    DHS, IBC, FIT, and USSM officials and OMB staff identified several 
key factors and challenges that have impacted the TRIO project, which 
we grouped into five broad categories: Project resources, project 
schedule, complex requirements, project costs, and project management 
and communications. Examples of the key factors and challenges that 
were identified for each of these categories include:
   Project resources.--Concerns about IBC's experience and its 
        capacity to handle a modernization project involving agencies 
        the size of Coast Guard and TSA were identified as significant 
        risks in July 2014, prior to DHS and IBC's entering the TRIO 
        project implementation phase in August 2014. According to DHS 
        officials and documentation, IBC encountered Federal employee 
        hiring challenges and was unable to ramp up and deploy the 
        resources necessary to meet required deliverables and 
        experienced significant turnover in key leadership and TRIO 
        project positions over the course of the project. IBC officials 
        acknowledged these challenges and that staff assigned early in 
        the project lacked the experience and expertise necessary for 
        managing large-scale projects and, as a result, many of the 
        risks initially identified were not effectively addressed.
   Project schedule.--Migrating the TRIO components to IBC 
        within original time frames was a significant challenge given 
        the overall magnitude and complexity of the TRIO project. DHS 
        identified delays in stabilizing the production environment 
        after DNDO's migration to IBC and in meeting proposed baseline 
        schedules for implementing Coast Guard and TSA on the 
        modernized solution.
   Complex requirements.--DHS, IBC, FIT, and USSM officials 
        acknowledged the overall complexity of the TRIO project and 
        that the lack of a detailed understanding of the components' 
        requirements earlier in the project affected IBC and DHS's 
        ability to satisfy the requirements as planned. USSM and FIT 
        officials told us that under the shared services model, the 
        approach for onboarding new customers usually involves 
        migrating to a proven configuration of a solution that is 
        already being used by the provider's existing customers. 
        However, rather than taking this approach, DHS and IBC agreed 
        to implement a more recent version of Oracle Federal Financial 
        software (version 12.2) with integrated contract life cycle and 
        project modules, increasing the complexity of TRIO project 
        requirements. A FIT official told us that the functionality of 
        this more recent version of software is very different than 
        that of the version IBC's existing customers used and that IBC 
        did not have the needed Government personnel with knowledge and 
        experience associated with it.
   Project costs.--Estimated costs of the TRIO project 
        significantly increased because of schedule delays, 
        unanticipated complexities, and other challenges. According to 
        a January 2017 summary prepared by DHS, estimated IBC-related 
        TRIO project implementation costs through fiscal year 2017 
        increased by approximately $42.8 million (54 percent) from the 
        $79.2 million provided in the original August 2014 interagency 
        agreement with IBC, in part, to address challenges affecting 
        the project.
   Project management and communication.--DHS officials 
        expressed concerns regarding the effectiveness of IBC's project 
        management efforts, including cost, schedule, and change 
        management. They also stated that DHS provided significant time 
        and resources to make up for fundamental project management 
        activities that were under IBC's control and not performed. 
        They also acknowledged challenges in DHS's project management 
        and communication efforts and identified lessons learned to 
        help improve future efforts, such as being more prepared for 
        organizational changes and centralizing program management 
        functions to help reduce duplicate efforts across components. 
        According to USSM officials, the TRIO project team focused an 
        unbalanced portion of its efforts on the delivery of technology 
        at the expense of organizational change management, 
        communication management, and other project management areas. 
        An OMB staff member concurred with the lessons learned 
        identified by DHS and noted the importance of DHS having well-
        defined requirements for the project and better coordination to 
        achieve the desired outcomes.
    These challenges contributed to a 2-year delay now expected in the 
implementation of Coast Guard's and TSA's modernized solution. To help 
address them, DHS and IBC established review teams and have taken other 
steps to assess potential mitigating steps. For example, in January 
2017, DHS and IBC established a joint contingency plan working group 
(CPWG) to assess viable options for addressing stakeholder concerns and 
key TRIO priorities moving forward. In February 2017, DHS and IBC 
presented two options for addressing these concerns, and in April 2017, 
the CPWG recommended moving away from IBC to a commercial service 
provider as the best course of action to complete TRIO project 
implementation. In May 2017, DHS determined that this option was not 
viable and that migrating the solution from IBC to a DHS data center 
represented the best option and initiated discovery efforts to further 
assess this as its path forward for the TRIO project. As of August 
2017, results of these efforts were under review by DHS leadership. As 
the path forward is still evolving, it is too early to determine the 
extent to which these challenges, and DHS's efforts to effectively 
address them, will impact DHS's ability to achieve TRIO project goals.
    In commenting on our report, DHS stated that it remains committed 
to its financial system modernization program and that it will continue 
to apply sound program and risk management best practices to achieve 
its modernization goals.
    Chairman Perry, Ranking Member Correa, and Members of the 
subcommittee, this concludes my statement. I would be pleased to 
respond to any questions you may have at this time.

    Mr. Perry. The Chair thanks the gentleman.
    The Chair now recognizes himself for 5 minutes for 
questioning.
    I guess I will start with you, Mr. Fulghum. I don't have to 
say, you know, what, $50 million the first time, $124 million 
this time. I appreciate you saying the buck stops with you, and 
I understand to a certain extent that maybe this wasn't your 
idea how this should be with the shared services model, but you 
were told that is what you were going to do and it was your 
mission when you moved out.
    But you must understand, and I am sure you do, that we 
can't accept that loss of money, that expenditure, without 
having a viable product all these years later now.
    One of your other testifiers there talked about the 
deliverables, and I will ask her about that because I think she 
said there is some value that has been retained here.
    But to me, you served your country in uniform, and I am 
sure you are well familiar with these processes, but any kind 
of project, you know, whether it is attacking the enemy or 
whether it is cleaning the hangar, you have got some 
milestones, right? You know you have got to get past some 
things and evaluate your circumstances, see where you are and 
see if you are on track.
    It doesn't seem to me, and I might be wrong, so I will ask 
Ms. Singer at some point, too, but from your standpoint when 
you signed this agreement, when you agreed to this whole 
prospect, were there milestones in place? If there were, 
briefly, what were they?
    If there were milestones to make sure that you stayed on 
track, it seems like at this point that we have failed to meet 
them or recognize them or we just blew past them. What the heck 
is going on here?
    Mr. Fulghum. So first of all, what I would say is, and to 
Michele's point, we do have a system that is functioning and 
working and we can talk about that. But as far as the 
milestones go, we had an integrated schedule and we sat down 
routinely and looked at that schedule. Showing that schedule 
was green, green, green in around the May time frame of 2016, 
it was turned to yellow and red.
    At that point, I called the folks together, including IBC, 
her former colleague, and said, what the heck is going on? We 
stopped the project at that point. We sat down with them and 
said, what can we do to course correct? We put some things in 
place in terms of incremental releases, more frequent check-
ins, increased oversight and some other things and also 
provided some resources to IBC. We were able to DNDO up and 
running.
    Subsequently to that, we began on TSA's effort and again 
the schedule started to go south. That's about the time Michele 
showed up, we sat down again because of their inability to 
adequately resource themselves as well as what I would say is a 
misunderstanding of requirements of a large, complex Federal 
agency that would be a standardized solution for that type of 
agency, we made the decision to part ways.
    But we do have a solution that is functioning, is making 
payments, is writing contracts, is producing financial 
statements and is the foundation of the system moving forward, 
which is why we made the decision to continue.
    Mr. Perry. You just elaborated on the two times that you 
stopped it.
    Mr. Fulghum. So, yes, sir. We stopped it before we 
ultimately got DNDO up and running. Then along with IBC we made 
the decision to end the relationship, as she said, in January 
2017.
    Mr. Perry. Was that, the ending of the relationship, was 
that envisioned, so to speak, or at least some tenet of what 
would precipitate that in the original agreement? So say this 
is what we want to get accomplished, these are our milestones, 
if you can't get it done we are going to be done because of 
this, this, and this. Was that envisioned at the genesis of the 
agreement, or was that never considered?
    Mr. Fulghum. It wasn't in the agreement.
    Mr. Perry. So if it is not in the agreement, it doesn't 
seem like we are going to be very efficient.
    Now, I am going to talk to Ms. Singer here for a moment. I 
guess my point to that is that, yeah, while you agreed to part 
ways, I am not sure we got the best value out of the deal. If 
somebody, you know, if somebody is working on my house, and I 
have an agreement, and I am going to pay you $50,000 to do X 
work on the house, and I know that I am going to terminate it 
at some point if you don't perform, I am going to want some of 
my money back or I am going to want, you know, X amount of work 
done.
    But that all has to be determined up front, you can't wait 
until you are in the middle of the construction to figure that 
out. It is too late, feelings are hurt, so on and so forth.
    Really quickly, and maybe we will do a second round here, 
Ms. Singer, you said there were value of assets to be 
transferred. What is the value? So we spent $124 million on 
this round. What do you consider the value of the assets to be?
    Ms. Singer. The valuable assets I speak of is Oracle 
Federal Financial 12.2, the system that was developed, coded, 
tested, and implemented for DNDO. In the next quarter of this 
fiscal year, we will have released 3.0 which will include 80 
percent of the functionality needed for TSA and Coast Guard.
    So at this point, the operational system that DNDO is using 
every day will be available for DHS to manage in one of their 
data centers and bring live TSA and Coast Guard in the coming 
years.
    Mr. Perry. So we are 60 percent over budget. I think the 
original estimate was $70-some million, we are $124 million. 
What do you assess the value to be? Because we have got DNDO 
up, right? We have got a shell or a structure or a foundation 
for TSA, we have got nothing for Coast Guard. So we have paid 
60 percent more, is that the value of it? I mean, are you 
saying that was worth $124 million? Did we just miss the 
estimate?
    Ms. Singer. I absolutely believe the estimate was missed. 
Now, my assessment is based on the record assessment of 
historical agreements back and forth, the best I could 
determine in the last 18 months that I have been managing this.
    I also think it highlights IBC at the time did not 
understand the complexity and the needs of an agency like DHS. 
They were vastly larger than anything we had undertaken. Our 17 
other agencies that reside on Oracle Federal Financial 12.1 use 
a common solution and we are the No. 1-rated financial services 
provider in customer service to those 17 agencies.
    So the underestimation of the magnitude of the effort on 
both sides was real. But as the director of the shared service 
provider looking back over the record, I am extremely 
disappointed that I had predecessors who did not recognize that 
at the time and exercise more discipline both internally in 
their own organization in IBC as well as as a provider with DHS 
to help prevent some of the delays and cost overruns.
    Mr. Perry. All right, thank you.
    My time is long expired.
    The Chair now recognizes Ranking Member Correa.
    Mr. Correa. Thank you, Mr. Chairman.
    First of all, to the witnesses, thank you very much for 
your testimony.
    Mr. Fulghum, a quick question. Given all of the challenges 
that we are talking about here, cyber attacks, are we more 
vulnerable, less vulnerable? Where are we with that, protecting 
our data from the bad guys?
    Mr. Fulghum. I mean, what I would tell you is I call it a 
full-contact sport and we have to be diligent 24/7. We have 
real threats out there each and every day.
    Mr. Correa. Are we more vulnerable than usual or have we 
taken care of business?
    Mr. Fulghum. I think we have done everything we can to 
protect ourselves.
    Mr. Correa. Thank you very much.
    Ms. Singer, very quickly, we talked about the Oracle 
system. The Chairman talked about ownership, what we got out of 
our investment. Oracle 3.0, is that what you said? Who owns 
that? Do we own that or does Oracle? Is that something 
proprietary to Oracle? When we need to, you know, work it, 
modify it, does Oracle come in and do it or our in-house folks 
do it?
    Ms. Singer. It can be a combination. We have in-house folks 
who have some skills in modifying the system. But generally, we 
do work with industry. It is always a public/private.
    Mr. Correa. How is the contract written? Is it proprietary 
or non-proprietary?
    Ms. Singer. It is not proprietary. The underlying system is 
proprietary to Oracle, the out-of-the-box system. However, when 
it is coded and additional functionality is added, that is 
generally by another----
    Mr. Correa. So whatever asset we have, we can possibly use 
that since we own it in other areas of government.
    Ms. Singer. Absolutely.
    Mr. Correa. Given all the lessons learned.
    Ms. Singer. Absolutely, this asset----
    Mr. Correa. So possibly we do have something of value there 
that we are getting out of taxpayer dollars.
    If I can now move to Ms. Angerman. USSM's role in 
partnership between DHS and the Interior Business Center, IBC, 
how engaged with USSM during the discovery phase in the 
implementation of the IBC solution?
    Ms. Angerman. Thank you for your question. USSM was set up 
in 2015 and so the project was very much in flight when USSM 
was created. We, however, engaged with the program on a fairly 
regular basis to share what we knew to be best practices and 
lessons learned on how a shared service can be best 
implemented.
    Mr. Correa. Now, the lessons learned that were articulated 
by IBC, DHS, both thought it was clear that DNDO was failing 
the migration. The TSA migration would also be delayed. So 
Coast Guard, where were we with that migration?
    Ms. Angerman. I think that question may be best answered by 
Mr. Fulghum who can provide the status of that program.
    Mr. Correa. Mr. Fulghum.
    Mr. Fulghum. So currently, we are in the final stages of 
planning to transition from IBC to our own data center. Right 
now, our notional schedule says, based on funding and some 
other things, that we believe we can have it up and running in 
fiscal year 2021.
    Mr. Correa. Another question, Ms. Angerman. After all these 
attempts to standardize into a single platform, are we going to 
centralize or decentralize? What are we doing right now in 
terms of the philosophy? I find that sometimes we take a shot 
at an effort and sometimes we find that maybe there are 
shortcomings, so then we take a policy swing from 
centralization to decentralization. How would you characterize 
right now the status in terms of implementing solutions to 
these problems?
    Ms. Angerman. I would characterize right now as taking a 
step back and really looking at what we have learned today, 
both from this program and from others that have attempted 
these kinds of transformational efforts.
    I think we have two options for moving forward. One is we 
step back and we go back to a decentralized model and we let 
every agency build their own finance systems and H.R. systems 
and then we figure out how to keep those modern and funded. Or 
we agree that we want to consolidate that IT and we want to 
mitigate that risk for taxpayers and we want to get scale for 
the Government.
    Mr. Correa. I am running out of time, so let me quickly--we 
just talked about Oracle, we have got some value there. So 
could that be used in the decentralization process?
    Ms. Angerman. We don't know yet. The truth is that we need 
to sit down as a Government and include all of the agencies in 
a discussion about what requirements we actually have for 
future financial management systems, inclusive of large and 
small agencies.
    We need to be able to articulate that as a Government and 
speak with one voice as what we need, and then we will be able 
to assess solutions, both that are in Government today and 
potentially new solutions from industry that can help us 
satisfy financial management needs holistically.
    Mr. Correa. Mr. Chair, I yield.
    Mr. Perry. The Chair thanks the gentleman.
    The Chair now recognizes Mr. Higgins from Louisiana.
    Mr. Higgins. Thank you, Mr. Chairman.
    Colonel Fulghum, thank you for your service of 28 years, 
sir. Your resume is very, very impressive. As an old soldier, I 
would imagine that looking at your resume if you can't get this 
thing done, I can't imagine who could. So although I recognize 
you as a gentleman of great accomplishment, and I also 
recognize in your spirit, sir, and read within your statements 
great frustrations of what has unfolded and transpired over the 
last years. Would that be an accurate assessment?
    Mr. Fulghum. I share the committee's frustration.
    Mr. Higgins. OK.
    Ms. Singer, in your opening statement, you stated that to 
achieve strong adoption of standard business processes, 
customer agencies must evaluate their complex business 
processes with a willingness to differentiate and potentially 
eliminate disparate processes that are not legally mandated. 
That was many syllables in one sentence. But to me, that means 
eliminate unnecessary duplicative policies and procedures.
    The GAO report cites IBC officials describing DHS's 
approach to project management often resulted in duplicated 
meetings and lengthy decision-making process involving several 
officials and multiple review and approval processes.
    Colonel, did you have the authority to eliminate during the 
course? I realize you are dealing with multiple bureaucracies 
and perhaps what would be recognized by the citizens that we 
serve as the very worst manifestation of heavy bureaucracy in 
the Federal Government, and you were in charge of a large 
project. Did you have the authority to eliminate some of these 
unnecessary lengthy meetings and multiple reviews and approval 
processes?
    Mr. Fulghum. Yes, sir, and we did.
    Mr. Higgins. Did you find during the course of your efforts 
to make this thing work, did you find resistance out of the 
Executive branch or out of any of the alphabet branches that 
you were working with? Has that resistance dissipated over the 
course of the last 6 months?
    Mr. Fulghum. I think there was a persistence to head toward 
the Federal shared services model under the previous 
administration. I have seen an increased adaptability to the 
model we are going to under this administration.
    Mr. Higgins. Thank you, sir.
    I would like to ask, I believe, you, Colonel, and Ms. 
Singer, any member of the panel that could answer this, were 
any private models, best-practice models from private 
endeavors, large, massive entities like Walmart or Home Depot, 
Lowe's, they have gone through modernization processes through 
the course of their existence, were any private models used or 
brought in to study their best practices?
    Mr. Fulghum. Yes, sir. During our analysis of alternatives, 
we looked at the private sector. In addition to that, we had an 
independent look at what the private sector is currently doing.
    Mr. Higgins. Did you find that--I am honing in on something 
here.
    Mr. Fulghum. Yes, sir.
    Mr. Higgins. The Chairman clearly pointed out that private 
businesses have to modernize all the time. We do it with the 
most efficient means by which moving forward that we can 
possibly find and determine. I am asking, is the bureaucracy of 
the agencies that you are working with so thick that the common 
best practices found in private industry toward modernization 
just doesn't quite work?
    Mr. Fulghum. I would say it is a challenge working in the 
bureaucracy. That said, our independent look showed that large 
corporations also failed in terms of modernizing their systems, 
so they didn't always get it right either.
    Mr. Higgins. Can you give us an example of that?
    I am sorry, Mr. Chairman, I am over my time.
    Mr. Fulghum. I don't have a specific example of a 
corporation, but we can certainly provide the committee with 
the results of our analysis.
    Mr. Higgins. That would be interesting to review. Thank you 
for your answer and thank you for your service, sir.
    Mr. Chairman, I yield.
    Mr. Perry. The Chair thanks the gentleman.
    The Chair recognizes the gentlelady from California, Ms. 
Barragan.
    Ms. Barragan. Thank you, Mr. Chairman.
    Ms. Angerman, do you know what processes and criteria DHS 
used to select IBC as its SSP for financial management?
    Ms. Angerman. Thank you for your question. I know that the 
process that they went through at DHS to select IBC was largely 
driven by the memorandum M13-08 to direct agencies to a shared 
service provider.
    Ms. Barragan. Do you know if DHS and IBC if they did at all 
communicate to ensure whether the systems were interoperable 
such that IBC's system could fully integrate DHS's system?
    Ms. Angerman. I am aware that during the discovery process 
they went into some depth to discuss what the integration needs 
would be with other systems that would remain at DHS.
    Ms. Barragan. Who was responsible for identifying and 
reconciling discrepancies between IBC's systems capabilities 
and DHS's system requirements?
    Ms. Angerman. That is the purpose of the discovery process, 
which is that they sit down and they talk about the way that 
the process exists today at the customer agency, how the 
process works at the shared service provider, and they try to 
close those gaps and figure out how they will change their 
processes to adapt to the solution.
    Ms. Barragan. Thank you.
    Mr. Fulghum, you talked a little bit about at some point 
you realized something was wrong and you all sat down to talk 
about it. How far after everything started did you realize that 
things were going wrong?
    Mr. Fulghum. If I recall correctly, it was about 8 months 
in.
    Ms. Barragan. When we were 8 months in, did you realize 
that the Government was going to spend millions more than what 
was initially projected?
    Mr. Fulghum. That was a part of when we paused the program. 
It clearly looked like we were off schedule and that we were 
going to have to expend additional resources, yes. But that is 
when we went through the replanning effort to see if we could 
turn the program around, which, again, we did deliver DNDO on 
time. Not on budget, but on time.
    Ms. Barragan. Then how much longer after that did you all 
decide that this wasn't going to work and you terminated?
    Mr. Fulghum. If I remember right, we began those 
discussions the following April and eventually determined that 
we wouldn't be able to do it.
    Ms. Barragan. So pretty early on.
    Ms. Angerman, how do inadequate financial systems affect 
the operational capacity of DHS?
    Ms. Angerman. Inadequate financial systems insomuch that 
they are legacy systems that need to be modernized introduce 
risk to being able to have access to data in a timely fashion 
and to be able to have consistent data across the Department to 
be able to make key decisions.
    Ms. Barragan. So is this system used to try to determine if 
projects are on track cost-wise?
    Mr. Fulghum. So this system provides financial information 
that can inform future decisions around acquisitions or other 
things if that is what you are asking.
    Ms. Barragan. Well, I am just thinking, at a time when the 
administration is attempting to divert resources to projects 
like the border wall, I am curious to know if Congress and DHS 
management will have access to a full financial picture of the 
Department and where they are in these projects.
    Mr. Fulghum. So the Department has consolidated financial 
reporting today. We use business intelligence to get it. We 
have financial information that we produce every month from a 
consolidated nature, so, yes, we have a complete picture of the 
Department's finances.
    Ms. Barragan. OK. I will yield back.
    Mr. Perry. The Chair thanks the gentlelady.
    The Chair recognizes the gentleman from Texas, Mr. 
Ratcliffe.
    Mr. Ratcliffe. Thank you, Mr. Chairman.
    Thank all the witnesses for being here today.
    We spend a lot of time, it seems, talking about what went 
wrong when you realized things went wrong, basically how we got 
here and the different initiatives ending in wasting $56 
million, I think, and then $124 million.
    So having said all that, I guess what I really want to know 
and what I haven't heard yet is, why should Congress have any 
assurance that the next attempt will be successful, especially 
given how aggressive the schedule appears to be?
    I want to start with you, Mr. Fulghum, and give you a 
chance to answer that.
    Mr. Fulghum. So first of all, again, we do have the 
foundation of a solution that works. We know a lot more than we 
knew 2 years ago.
    Mr. Ratcliffe. Well, let me stop you there.
    Mr. Fulghum. Yes, sir.
    Mr. Ratcliffe. Because you say that, but I heard the 
answers, some of the responses from Ms. Singer and Ms. 
Angerman, and what I heard was talking about lessons learned 
from where we were.
    Ms. Angerman, you said, well, we need to step back and 
decide whether or not to be decentralized and then you started 
and you weren't able to finish that answer.
    Ms. Singer, you said, you know, we didn't understand the 
need of DHS. That is a lot of don't knows and don't 
understands. That doesn't inspire a whole lot of confidence, so 
that is the context of my question.
    Mr. Fulghum. OK. So what I would say is they didn't know 
and didn't understand. They have a much better appreciation 
today of our requirements. The solution meets 75 percent of our 
requirements. As Ms. Singer said, when 3.0 comes in October, we 
will be at over 80 percent. That is how the system was 
originally designed. DNDO was to be a pilot with the basic 
foundation for an integrated solution, add TSA's functionality 
and then add the Coast Guard's. So that is why I say that we 
have a system that works to build on.
    Mr. Ratcliffe. Thank you, Mr. Fulghum.
    Ms. Singer. Ms. Angerman, I will give you a chance to sort-
of weigh in and give your perspective on that as well. But I 
want to ask this question in connection with giving your 
answer, and that is, if there are lessons learned and there is 
a foundation for a solution going forward, what is the biggest 
risk that DHS still has to identify or mitigate at this point 
with respect to financial management and reporting systems?
    Ms. Singer. Thank you for that question. I think the 
biggest risk for any large, complex, federated agency--and the 
federated part is important because its component parts are 
vital, unique, or brought in to be part of the whole with their 
disparate systems and processes that they have brought with 
them--the biggest risk will always be finding a baseline that 
as many of those component parts can live with as possible and 
meet their vital and important business needs as well as be 
auditable and of sound financial organization.
    I think no one is better situated than DHS headquarters to 
understand that need. I see no one more committed than Mr. 
Fulghum, his leadership team to bring discipline to that 
effort. But it is an enormous challenge. The Department of the 
Interior went through it and that is an agency more than 150 
years old, smaller, and less complex, but still struggled 
mightily in implementing one consolidated financial system. I 
lived through that and understood the complexities and that 
will always be the largest challenge.
    It will leave the question whether a large, complex, 
federated agency like DHS or others in the Federal Government 
belong with one of the existing shared service providers or 
whether they are best-suited with help from industry and 
guidance from best practices to consolidate on their own. I 
think the platform they have now provides that opportunity.
    Mr. Ratcliffe. Ms. Angerman, I will give you a chance to 
weigh in on those points and questions.
    Ms. Angerman. Thank you. I would largely agree with Ms. 
Singer's comments. I would say that DHS has recognized that 
this will continue to be a challenge and they have created a 
joint program management office at headquarters and staffed it 
appropriately so that they are prepared to address challenges 
going forward.
    I would also say that this is an important lesson learned 
for the Government at large. So my comments about stepping back 
is that when we think about the strategy for shared services at 
large for the Government and what we are going to do going 
forward, this is really important data for us.
    In addition to some of the best practices, we have learned 
by talking to Fortune 500 companies who have had the same 
challenges when they tell us this is equally as hard for them 
to do, but where it has also been a proven best practice. All 
of that is really helping us to move forward with a better 
strategy.
    Mr. Ratcliffe. Thank you.
    My time is expired. I yield back.
    Mr. Perry. The Chair thanks the gentleman from Texas.
    The Chair recognizes the gentleman from Kansas, Mr. Estes.
    Mr. Estes. Thank you, Mr. Chair.
    In my prior life before I ran for public office, I did some 
of this work, so I have got a little bit of understanding of 
some of the problems that you have run into in a complex 
project like that.
    I want to talk a little bit more about where are we going 
to go from here, I mean, what is the path forward, which is 
part of what we talked about in some of the notes here.
    So basically, we are pulling this into an operation by DHS 
and kind-of moving away from the shared services concept and 
moving forward. That is the plan right now with the use of the 
software?
    Mr. Fulghum. So what I would characterize it is we are 
moving from DOI's environment into DHS's and it will be a 
private cloud offering. We still have a shared service, just an 
internal shared service provider. So the Coast Guard is 
providing the accounting support today for those three 
entities. We will have one integrator contractor that will 
provide those platform services for all three components; it is 
just we are no longer asking for services from another Federal 
agency.
    Mr. Estes. OK, that makes sense to some degree from a 
strategy, I guess. But there is probably another question for 
another hearing in terms of talking about where we go with the 
shared services model at the total Federal level, but not to 
sidetrack from that.
    Ms. Singer, one of the things you talked about was that we 
were 80 percent of the way with Coast Guard and with TSA, and I 
guess expectations are first quarter of 2018 we would have the 
TSA software up and available. Is that 80 percent functioning 
and provides 80 percent of the functionality that we wanted, or 
is it 80 percent of the way to being developed and programmed 
and tested?
    Ms. Singer. I believe what we mean by that is delivering 80 
percent of the desired functionality. There are interfaces to 
be developed and a couple of key components that DHS must 
decide whether or not they want to develop and implement that 
they are best-situated to make that decision.
    For a shared service provider, like the Interior Business 
Center, those would be developments that I could not offer or 
provide to any other agency. They are very specific to DHS. 
That is why it doesn't fit within this particular shared 
service model, but that does not mean that they are not 
necessary or vital to DHS to be able to carry out their 
important mission.
    It is just that last 20 percent of requirements will be for 
DHS to further develop and implement. But the full system is 
operating. For that functionality that they would like to see 
come on-board soon, there also exists workarounds. It allows 
the work to be done, but may be not in exactly the way they 
would like to see it.
    Mr. Estes. So is the Oracle software platform going to be 
used by the Coast Guard to provide that support for TSA?
    Mr. Fulghum. Yes, sir, same platform. I would describe it a 
little bit differently than Michele. DNDO is a basic 300-person 
operation. TSA has got about 60,000 employees, but their basic 
operation is fairly straightforward. The Coast Guard has a much 
more complex organizational structure and business practice 
than TSA. So when we get the 3.0 for TSA it will work for TSA. 
We need the last 20 percent to add some increased functionality 
because of the complexity of the Coast Guard.
    Mr. Estes. So going back to TSA and whether we are up and 
running, I mean, how are we going to use that for TSA? So what 
is the functionality that is going to be used for TSA come 
first quarter of 2018 if we are not using the software or going 
live with the software for them?
    Mr. Fulghum. So today we will stay on the system that we 
are on and continue to stay on the legacy system until we are 
ready to migrate into the new solution.
    Mr. Estes. OK. One final question that I know may run 
longer than the time I have in terms of the answers. How much 
have we modified this software so that it makes upgrades 
difficult and complex and maybe even impact the ability to use 
future upgrades provided by the vendor in the future?
    Mr. Fulghum. Well, I will start and Michele probably has 
more expertise than I do, but the out-of-the-box commercial 
software we are not modifying. What we are describing is, and 
it provides some integrated solution in terms of procurement, 
what we are talking about is other interfaces for property, 
logistics management and those type of things that interface 
with the solution. But the software itself we are not 
modifying.
    Ms. Singer. There are significant additional functionality 
interfaces, as Mr. Fulghum noted, to the extent, I mean, if you 
looked at lines of code that have been written or 
modifications, what we call the requirements traceability 
matrix will show a significant number of changes in order to 
meet the DHS business needs.
    I do believe there are methods to ensure upgrades, enhanced 
security, and continued security of the system. It is not 
modified outside the realm of what can be continuously secured 
and updated.
    Mr. Estes. Thank you.
    I am out of time. I yield back.
    Mr. Perry. The Chair thanks the gentlemen.
    We will go for a second round as long as we can.
    Ms. Angerman, it is my understanding, so I just want to 
make sure I am correct here, that your agency provides input 
and advice on best practices related to design and execution. 
Is that generally speaking correct?
    Ms. Angerman. Yes, that is correct, sir.
    Mr. Perry. OK. So, Mr. Khan, in your testimony, you said 
that, and I want to make sure once again I am correct, that, in 
your opinion, based on your investigation, that the agency 
didn't follow best practices. Is that correct?
    Mr. Khan. Best practices was in terms of the alternatives 
analysis. We found that DNDO followed all the best practices. 
These are industry best practices so, I mean, they are well-
known in the industry. However, TSA and Coast Guard did not 
follow all elements of the best practices to result in a high-
quality, reliable alternatives analysis.
    Mr. Perry. Were you able to determine why they wouldn't? I 
mean, has that question been asked or do I need to ask Mr. 
Fulghum? You just determined they didn't?
    Mr. Khan. Right. We didn't ask why, we just looked at the 
end results of their analysis that was done some time before we 
started our audit.
    Mr. Perry. OK.
    Ms. Angerman, do you agree with that? Do you know if they, 
in your opinion, if they followed these best practices? I mean, 
you are the adviser on these things.
    Ms. Angerman. I think there were always--we identified and 
observed opportunities to improve in the planning process and 
the change management process in the integrated project 
management between the two agencies and that they investigated 
through their alternatives analysis the options that were 
available to them at the time.
    Mr. Perry. OK.
    Mr. Fulghum, can you comment? I mean, you know, if these 
are well-known, widely-ascribed-to best practices, is there 
some reason why they can't be followed or just recalcitrance 
or, you know, institutional bias for the organization, this is 
how we do things, this is how we have always done them, and we 
are not going to change, and we are going to resist? What is 
your take on this?
    Mr. Fulghum. No, sir. We will follow the best practices 
that were identified.
    I think what GAO found was that, in the case of DNDO, they 
had an independent contractor do their alternatives analysis. 
While the Coast Guard and TSA went through an extensive review 
process, they didn't have that independent contractor perform 
the analysis, I think is where we primarily fell short.
    Mr. Perry. So are you saying that the Coast Guard and TSA 
should have had the independent contractor as----
    Mr. Fulghum. I think a best practice would have been to 
have an independent review of that analysis. What I am saying, 
though, is that there was an extensive review of that analysis 
of alternatives by a variety of folks, including Treasury FIT.
    Mr. Perry. OK. In your testimony, Colonel, you said that it 
would be restructured for clearer accountability moving 
forward. Can you tell me what the difference in moving forward 
regarding accountability? Can you also describe if the private 
sector, so to speak, is going to be involved either more or to 
what extent moving forward?
    Mr. Fulghum. OK. Well, I will start with the accountability 
and a clear line of accountability. What I was referring to is, 
when we originally set up the structure we had three program 
offices with someone sitting over them and they were four 
people with, what I would say, no one really in charge. So when 
we stopped to pause the program, one of the things that I did 
was I asked the now-acting CFO to go take a hard look at 
ourselves to see what is it that we can do better. Out of that 
came a joint program office where there is one person, she is 
sitting right behind me, who is accountable and in charge.
    So from that perspective, I completely agree that we were 
fragmented in terms of our communication. I believe we have 
fixed that now.
    As far as the private sector, we are going, as you know, we 
have a draft, an RFP out asking for what I call a systems 
integrator. That will be a performance-based contract with 
clear visibility into both cost and scheduling.
    Mr. Perry. Excellent. Do you want to announce the 
gentlelady-behind-you's name who is going to be accountable so 
that when the next time we get together maybe she will be 
sitting on the dais with you? Or maybe we won't have to get 
together, which would be even better.
    Mr. Fulghum. I don't expect us to get together on this 
topic. But ultimately, as I said at the start, I am the one 
that is responsible and accountable.
    Mr. Perry. All right. Mr. Fulghum, we are going to hold you 
to that. We appreciate that.
    With that, I will conclude my questioning and recognize the 
Ranking Member, Mr. Correa.
    Mr. Correa. Thank you, Mr. Chair.
    Just as I am listening to your answers, I learn more and 
more and I have even more and more questions. But right now, we 
are not talking about all of DHS, we are just talking about 
certain portions of DHS. Correct?
    Mr. Fulghum. That is correct.
    Mr. Correa. OK. So are we looking at eventually getting the 
bugs out of this process and then integrating the remainder of 
the DHS departments?
    Mr. Fulghum. So our plan would be moving forward, again, 
and a lot of this is dependent on funding, which, by the way, I 
completely understand, given where we are today, we have ICE 
with services themselves and four other customers and then we 
have FEMA left to go. So based on this model and looking to 
standardize and reduce the footprint, we would expect to repeat 
this model with both ICE and FEMA.
    The rest of DHS is operating on a modernized system, CBP, 
Secret Service, and FLETC.
    Mr. Correa. So I guess, given the words you have just used, 
we are going to be using the best lessons learned here to try 
to move forward to essentially address the other departments as 
well, ICE and FEMA?
    Mr. Fulghum. Right, again using that internal shared 
services approach. Yes, sir.
    Mr. Correa. Let me say that, again, just based on my State 
legislative experience, you have got a challenge on your hands, 
we have a challenge on our hands. But I think that all of you 
here working together, coordinating with this committee and 
subcommittee, can make sure we coordinate and know what is 
going on so that we can best prepare for these surprises and we 
don't have to be here in a quarter or thereafter and have to 
answer tough questions, but rather try to make sure that there 
aren't any surprises as we move ahead. There will be.
    Again, as I listen to your testimony, I am getting these 
nightmares of what we went through in the State of California 
as a decentralization, not centralized, private, public, 
nothing really ended up being the right answer. But rather, I 
think we have to look at the process to make sure that we are 
managing the whole process and its implementation and adapting, 
I guess, to the circumstance as we move forward.
    Mr. Chair, I yield the remainder of my time.
    Mr. Perry. The Chair thanks the gentleman.
    The Chair recognizes the gentleman from Louisiana, Mr. 
Higgins.
    Mr. Higgins. Mr. Chairman, I have more of a statement than 
a question. I would just like to commend this panel for your 
candid and courageous answers. This is a level of complexity to 
coordinate for modernization, an endeavor that was envisioned 
years ago, and to sit before a Congressional subcommittee like 
this and confess that lessons were learned and changes were 
made.
    I was particularly struck by Ms. Singer's honesty when she 
stated that the estimate was missed by her predecessors 
regarding the $70 million price tag that has evolved into a 
$124 million price tag, and we are not done yet.
    So, Mr. Chairman, I think every now and then we have some 
very squared-away panelists and this was one of those days.
    So we thank you all for your continued efforts.
    I yield the balance of my time.
    Mr. Perry. The Chair thanks the gentleman and the use of 
the terminology ``squared-away,'' which hits close to home to 
me, and now recognizes Mr. Estes of Kansas.
    Mr. Estes. I guess my first question deals with, what is 
the time frame? I know we have talked a little bit about having 
to take a step back and say what are we doing, when are we 
doing it, how are we doing it, but, you know, what is the time 
frame to come up with a plan, particularly for DNDO and Coast 
Guard and TSA from a cost standpoint and what to do, when?
    Mr. Fulghum. So we are finalizing our plan to transition 
from IBC's data center to ours. Once we have that plan 
finalized, we will go out on the street for an integration 
contractor, which we expect to award by the end of October. By 
May, I believe we will have the system transitioned, we will 
have DNDO up and running by the first quarter of fiscal year 
2019, and then we will have TSA up and running the first 
quarter of 2020. The expectation is the Coast Guard the first 
quarter of 2021.
    Mr. Estes. OK. What is the expectations now for 
particularly fiscal year 2018, but maybe even future years we 
don't know yet, but for costs in fiscal year 2018 in terms of 
doing this work? Is that already laid out in the budget, or did 
the change in direction cause----
    Mr. Fulghum. So we believe the money we have asked for in 
the President's budget in fiscal year 2018 is sufficient to do 
what we need to do in fiscal year 2018.
    Mr. Estes. OK. So we talked a little bit about lessons 
learned. Granted, there was a lot more complexity from a 
standpoint of moving into a shared services model and, you 
know, as you mentioned, having different groups or different 
individuals from different groups trying to work together, but 
some of those things were pretty basic, I mean, in terms of the 
right resources and tracking the schedule and communication.
    So what is our plan to do in the future, going back to the 
question that was raised earlier about the confidence level 
that this next effort is going to succeed completely?
    Mr. Fulghum. So what I would say is I think we have learned 
lessons on the amount of testing we do, so we are going to do 
more testing than was done previously before Michele got there. 
In addition to that, the contract structure that her 
predecessors put in place were complex, the relationships were 
complex. We have a much more simplified approach.
    Then I go back to that joint program office, one voice, one 
office that is running the entire project. Those things 
combined with the fact that because of Michele's hard work and 
her team's hard work we have got a solution that we can use 
that will be the foundation for TSA and the Coast Guard.
    Mr. Estes. OK, thank you.
    I yield back.
    Mr. Perry. I think that votes have been called or will be 
momentarily, just for Members.
    To all the panelists, thank you very much for coming. I 
suspect in this regard we won't see Ms. Singer or Ms. Angerman 
again on this subject.
    However, Mr. Fulghum, I do expect to see you again and 
hopefully not on this subject. But if Mr. Khan and his 
investigations and requirements determines that we need to sit 
down again we will.
    We hope to think that we haven't wasted upward of over $50 
million on the first round and $124 million on the second. We 
appreciate that there are some deliverables that Ms. Singer has 
alluded to and, Mr. Fulghum, you have validated. But still, it 
is too much. It is our job, all of us as citizens, to make sure 
that our taxpayers are getting the most out of every dollar and 
every cent. So that is our duty as well as the mission, the 
other mission which is to complete these tasks. Right?
    So to that end, we are going to keep an eye on things and 
hopefully we will have better success in the future. Maybe you 
can come in here and tell us that that money was well-spent and 
since then we have got all the other agencies, including FEMA, 
involved and included in this and we have one model that we can 
pull reports from and be integrated. That would be what I think 
we would hope for.
    So we appreciate your time today. The Chair thanks the 
witnesses for their valuable testimony and the Members for 
their questions.
    Members may have some additional questions for the 
witnesses and we ask you, the witnesses, to respond to those in 
writing. Pursuant to committee rule VII(D), the hearing record 
will remain open for 10 days.
    Without objection, the subcommittee stands adjourned.
    [Whereupon, at 3:18 p.m., the subcommittee was adjourned.]



                            A P P E N D I X

                              ----------                              

          Questions From Chairman Scott Perry for Chip Fulghum
    Question 1. How will DHS improve its decision-making processes and 
communications with the new system integrator? What accountability 
mechanisms will exist with the upcoming procurement that did not exist 
with the Interagency Agreement with IBC?
    Answer. Per the lessons learned from the effort to move the United 
States Coast Guard (USCG), the Transportation Security Administration 
(TSA), and the Domestic Nuclear Detection Office (DNDO) to the 
Department of the Interior's Interior Business Center (IBC), a Federal 
shared service provider, changes have been made to improve the DHS 
decision-making process. The implementation approach has changed from 
individual component projects to a single initiative, which will 
streamline decision making. The new joint Program Management Office 
(JPMO) now provides centralized program governance, which differs from 
our effort with IBC.
    To fully staff the JPMO, DHS headquarters has requested and 
obtained component detailees with deep knowledge of component business 
processes and strong program management skills. The organizational 
structure of the JPMO provides single points of contact to communicate 
directly with the new system integrator. This eliminates the need for 
the system integrator to communicate with both DHS HQ and the component 
during the implementation.
    DHS will have direct contract oversight and engagement with 
vendors' contractors that support this effort. The JPMO is establishing 
contract requirements that will enable the JPMO to manage program cost, 
schedule, and performance. This will include reports submitted by the 
system integrator contractor that captures monthly performance metrics 
for the scope, cost, and schedule, which the FSM JPMO will use to 
analyze and monitor performance throughout the program. The JPMO will 
compare these reports against the planned statement of work, schedule, 
and cost to assess the progress towards achieving program objectives, 
and inform decision-making activities for this effort.
    DHS will utilize a contract management plan to set acceptable 
quality levels that will be used to measure the quality of deliverables 
based on established, well-defined acceptance criteria. The contract 
will include a set of incremental deliverables for the contractor that 
will provide evidence of program progress against the planned cost and 
schedule, and allow DHS the opportunity to identify issues early, and 
develop and implement corrective actions more timely. Delivery of these 
artifacts will be aligned with recurrent program gate reviews to assess 
overall program progress.
    Question 2. What role will IBC play in assisting the new system 
integrator? Does the Interagency Agreement require IBC to provide 
support for the TSA solution once it is transitioned to DHS? Will the 
new system integrator be able to collaborate with IBC after the 
transition?
    Answer. The transition will require support from DOI IBC resources 
for the virtual transition of the solution, and the stand-up, testing, 
and validation of such solution once relocated to the DHS data centers. 
DOI IBC will facilitate technical knowledge transfer, either through 
documentation or discussions with the new hosting and system deployment 
vendors. DOI IBC will support the transition of the operation and 
maintenance support, including help desk services, to the DHS vendors 
and personnel. Lastly, DOI IBC will develop, deliver, and execute a 
plan for the careful, safe retirement and decommissioning of DHS 
specific information and or systems at the conclusion of the transition 
phase.
    DOI IBC will not provide direct solution support after the system 
has been fully transitioned to the DHS data center. DHS has included 
options within the transition Interagency Agreement (IAA) that will 
allow DHS and its vendors the ability to consult with DOI IBC after the 
transition to DHS is completed.
    Question 3. How will DHS ensure that mistakes made in previous 
failed modernization efforts with industry vendors will not be 
repeated?
    Answer. DHS has gathered lessons learned from past attempts at 
financial systems modernization and incorporated them into the new 
approach.
    For example, DHS will segment the implementation using incremental 
deliverables with well-defined acceptance criteria. To monitor and 
oversee contractor performance, DHS has included EVM reporting 
requirements within the new contracts.
    To manage and control scope, DHS will leverage existing automated 
tools to track and manage requirements from operational, functional, 
and technical requirements through testing, with full traceability. 
This will allow better tracking of both the global requirements that 
are shared across all components and improve the identification and 
documentation of component-specific requirements. DHS will incorporate 
the full scope of testing activities, including testing of data and 
operational testing. Automated tools and extensive testing were noted 
lessons learned with our partnership with IBC.
    The JPMO will lead the organizational change management effort so 
that the organization is prepared from inception through post-
implementation support. DHS will standardize the approach to change 
management through the application of a structured process and set of 
tools, across components, to better support users through change. This 
standardized approach includes early establishment of stakeholder 
engagement forums such as peer support networks, targeted, more 
frequent communications, and a much-improved approach to training 
users. Training will be transitioned from the basic system training 
provided by IBC to role-based, business process-based training. DHS 
will also move away from the train-the-trainer approach for most 
components, and leverage instead professional training resources, 
deeply familiar with the system, provided through the new contract. 
Improving program-wide change management will enable smoother 
transitions, allow users to more quickly become proficient, and 
addresses best practices identified through the regular lessons learned 
exercises DHS performed during the IBC engagement.
    Question 4. Aside from TSA and Coast Guard, what are the 
Department's plans, including time frames, for modernizing other 
component systems? What risks, if any, exist with modernizing these 
systems? What additional costs might the Department incur in 
modernizing these systems?
    Answer. DHS has begun the planning to establish a strategic 
sourcing vehicle to meet the financial management system software needs 
for all DHS components. FEMA, ICE, and their customers plan to leverage 
the DHS strategic sourcing vehicle.
    The ICE and FEMA legacy systems are near end-of-life. The DHS 
components will continue to incur costs to maintain the legacy systems 
until they are modernized. The modernization risks are similar to those 
documented for the TSA and USCG. Risks include availability of funds, 
contract management, organization change management, data conversion, 
interfaces, and other technical risks. The delay for FEMA will also 
have cascading negative effects on other FEMA critical modernization 
efforts (Grants Management Modernization and NFIP's insurance system 
modernization, known as Pivot). The delayed FSM will require a 
connection to FEMA's legacy system now, and then a connection to the 
modernized system, which will require additional investment and effort.
    The JPMO will begin updating the cost estimates for FEMA, ICE, and 
the ICE customers in Q1 fiscal year 2018. After the LCCEs are 
completed, we welcome an opportunity to provide an update to the 
committee.
       Questions From Chairman Scott Perry for Elizabeth Angerman
    Question 1. What role will USSM have assisting DHS as it 
transitions to away from IBC and takes control of the TRIO solution?
    Answer. USSM's role is to advise agencies on lessons learned as 
they implement shared services. The USSM Modernization and Migration 
Management (M3) Playbook is a valuable compilation of best practices 
and lessons learned from Government and industry for system 
modernizations in a shared environment. USSM will also continue to work 
with the Chief Financial Officer community to design common 
requirements for integrated solutions for mission support functions. As 
DHS defines its vision for the end-state solution, these integrated 
standards will be the foundation for moving forward. However, it 
remains the responsibility of the agencies to determine the best path 
forward for their modernizations.
    USSM recommends that DHS leverage the M3 Playbook as it 
consolidates internally. USSM will continue to be available to support 
DHS as an independent and objective resource, as needed and 
appropriate.
    Question 2. What are the biggest risks DHS must identify, monitor, 
and mitigate to achieve financial systems modernization for the 
Transportation Security Administration (TSA) and the United States 
Coast Guard (USCG)?
    Answer. Change Management.--The most difficult part of these 
projects is re-engineering business processes to align to the solution 
and then helping the users to buy into and adopt the change. Focusing 
on training, clarifying roles and responsibilities, establishing 
service-level agreements, and defining overall success for the program 
by providing the proper attention, time, and resources is critical.
   Business Process Re-engineering needs to be the preferred 
        method of resolving any identified gaps over modification/
        customization of the software. Governance structures need to 
        support the idea of ``one decision maker'' for the consolidated 
        solution.
   Sufficient communication with the stakeholder community is 
        required to prepare them for the change and make sure they 
        understand the value proposition.
   Leveraging the M3 Playbook to create a business and 
        technical end-state (with metrics to measure success) for the 
        financial management function at DHS would help to create a 
        shared vision for success.
    Program Management.--DHS should adopt project management best 
practices such as developing a resource-loaded schedule which is used 
to track actual costs of various program activities.
   The value of an integrated, resource-loaded project schedule 
        and strong schedule management discipline cannot be 
        underestimated.
   Define roles and responsibilities of the headquarters and 
        component organizations, and assign one responsible official 
        for decision making.
   Define risks, mitigation strategies, and management 
        practices critical to ensuring success.
    Governance.--A single accountable entity is critical as consensus 
management is not an effective way to make decisions and govern a large 
Department-wide program. An expedited and integrated decision-making 
process that addresses issues and mitigates risks is critical and must 
include senior officials in the agencies.
   There is great value in having an integrated, co-located 
        program management team to lead the work activities and 
        identify and resolve gaps, conflicts, and priorities on a daily 
        basis.
   A single accountable entity is critical to resolve disputes 
        and make decisions.
    Scope.--Project planning in the early stages is key. DHS needs to 
clearly define and articulate the vision for the end-state solution to 
include the strategy and a roadmap to achieve the vision. Stakeholders 
at all levels should be bought into the vision.
   Importance of early stages of project planning--need to 
        clearly define and articulate the vision for the financial 
        management end-state, to include the strategy and a roadmap to 
        achieve the vision.
   All stakeholders need to understand the end-state to ensure 
        scope creep does not imperil the timely completion of the work 
        within the defined budget.

                                 [all]