Homeland Security: Risks Facing Key Border and Transportation	 
Security Program Need to Be Addressed (19-SEP-03, GAO-03-1083).  
                                                                 
The Department of Homeland Security (DHS) plans to establish a	 
program to strengthen management of the pre-entry, entry, status,
and exit of foreign nationals who travel to the United States.	 
The goals of the program, known as the United States Visitor and 
Immigrant Status Indicator Technology (US-VISIT), are to	 
facilitate legitimate trade and travel, enhance national	 
security, and adhere to U.S. privacy laws and policies. By	 
congressional mandate, DHS is to develop and submit for approval 
an expenditure plan for US-VISIT that satisfies certain 	 
conditions, including being reviewed by GAO. GAO was asked to	 
determine, among other things, whether the plan satisfies these  
conditions and to provide observations about the plan and DHS's  
management of the program.					 
-------------------------Indexing Terms------------------------- 
REPORTNUM:   GAO-03-1083					        
    ACCNO:   A08497						        
  TITLE:     Homeland Security: Risks Facing Key Border and	      
Transportation Security Program Need to Be Addressed		 
     DATE:   09/19/2003 
  SUBJECT:   Accountability					 
	     Administrative costs				 
	     Agency missions					 
	     Budget outlays					 
	     Immigrants 					 
	     Immigration information systems			 
	     Internal controls					 
	     Noncompliance					 
	     Planning programming budgeting			 
	     Program management 				 
	     Reporting requirements				 
	     Strategic planning 				 
	     Program evaluation 				 
	     Homeland security					 
	     DHS Visitor and Immigrant Status			 
	     Indicator Technology Program			 
                                                                 

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Product.                                                 **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************
GAO-03-1083

                                       A

Report to Congressional Committees

September 2003 HOMELAND SECURITY Risks Facing Key Border and
Transportation Security Program Need to Be Addressed

GAO- 03- 1083

Contents Letter 1

Recommendations for Executive Action 6 Agency Comments 7

Appendixes

Appendix I: Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations 9

Appendix II: Comments from the Department of Homeland Security 97

Abbreviations

ADIS Arrival Departure Information System APIS Advance Passenger
Information System CCD Consular Consolidated Database

CLAIMS 3 Computer Linked Application Information Management System 3 CLASS
Consular Lookout and Support System DHS Department of Homeland Security EA
enterprise architecture IBIS Interagency Border Inspection System IDENT
Automated Biometric Identification System INS Immigration and
Naturalization Service IRB Investment Review Board IT information
technology NIIS Non- Immigrant Information System NSEERS National Security
Entry- Exit Registration System OMB Office of Management and Budget POE
port of entry SA- CMM (R) Software Acquisition Capability Maturity Model
(R) SEI Software Engineering Institute SEVIS Student Exchange Visitor
Information System US- VISIT U. S. Visitor and Immigrant Status Indicator
Technology

This is a work of the U. S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed in
its entirety without further permission from GAO. However, because this
work may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this material
separately.

Letter

September 19, 2003 The Honorable Thad Cochran Chairman The Honorable
Robert C. Byrd Ranking Minority Member Subcommittee on Homeland Security
Committee on Appropriations United States Senate The Honorable Harold
Rogers Chairman The Honorable Martin Olav Sabo Ranking Minority Member
Subcommittee on Homeland Security Committee on Appropriations House of
Representatives Pursuant to the Consolidated Appropriations Resolution,
2003, 1 the Department of Homeland Security (DHS) submitted to Congress in
June 2003 its fiscal year 2003 expenditure plan for the United States
Visitor and Immigrant Status Indicator Technology (US- VISIT) program. US-
VISIT is a governmentwide program intended to improve the nation*s
capacity for collecting information on foreign nationals who travel to the
United States, as well as control the pre- entry, entry, status, and exit
of these travelers. The goals for US- VISIT are to facilitate legitimate
travel and trade, enhance national security, and adhere to U. S. privacy
laws and policies. As also required by the Consolidated Appropriations
Resolution, 2003, we reviewed the expenditure plan. Our objectives were to
(1) determine whether the US- VISIT fiscal year 2003 expenditure plan
satisfies certain legislative conditions specified in the Consolidated
Appropriations Resolution, 2003; (2) determine the status of our US- VISIT
open recommendations; and (3) provide any other observations about the
expenditure plan and DHS*s management of US- VISIT. The specified
legislative conditions are that the plan meet the capital planning and
investment control review requirements established by the Office of
Management and Budget (OMB), including OMB Circular A- 11, part 3; that it
comply with the acquisition rules, requirements, guidelines, and systems

1 P. L. 108- 7 (Feb. 20, 2003).

acquisition management practices of the federal government; and that it be
reviewed by GAO.

On July 18, 2003, we provided your offices a written briefing detailing
the results of our review. This report summarizes and transmits this
briefing. The full briefing, including our scope and methodology, is
reprinted as appendix I.

Concerning our first objective, DHS partially satisfied those legislative
conditions specified in the Consolidated Appropriations Resolution, 2003,
that are applicable to it. That is, the plan, including related program
documentation and program officials* statements, satisfied or provided for
satisfying many, but not all of the key aspects of (1) OMB*s capital
planning and investment control review requirements; and (2) federal
acquisition rules, requirements, guidelines, and systems acquisition
management practices. For example, DHS fulfilled the OMB requirement that
agencies state whether projects are approved by investment review boards
and

reviewed by Chief Financial and Procurement Officers; the plan was
conditionally approved by DHS*s review board, which includes DHS*s Chief
Financial and Procurement Officers. On the other hand, OMB guidance
requires that agency plans summarize life cycle costs and include a cost/
benefit analysis that covers return on investment. DHS has not yet

established a date and plan for developing a current life cycle cost and a
cost/ benefit analysis for US- VISIT, although program officials stated
that they intend to do so.

Concerning our second objective, DHS has initiated action to implement or
has partially implemented most, but not all of the recommendations
contained in our report on the fiscal year 2002 expenditure plan. 2 Each
recommendation, along with the status of each, is summarized below.

 We recommended that DHS develop a system security plan and privacy
impact assessment. The department has action under way to address this
recommendation. Specifically, DHS reported that it has defined security
and privacy requirements and has drafted a security plan and a privacy
impact assessment.

2 U. S. General Accounting Office, Information Technology: Homeland
Security Needs to Improve Entry Exit System Expenditure Planning, GAO- 03-
563 (Washington, D. C.: June 9, 2003).

 We recommended that DHS ensure that controls in the area of acquisition
planning, solicitation, requirements management, program management,
contract tracking and oversight, and evaluation are implemented in
accordance with the Software Engineering Institute*s (SEI) guidance. 3 The
department plans to implement this recommendation. Specifically, DHS has
recently approved a program management structure that includes functions
consistent with these

controls; however, it has not yet developed explicit plans or time frames
for defining and implementing them.

 We recommended that DHS ensure that future expenditure plans are
provided to the department*s House and Senate Appropriations Subcommittees
in advance of US- VISIT funds being obligated. With respect to the fiscal
year 2003 expenditure plan, DHS partially satisfied

this recommendation. Specifically, it provided this plan to the Senate and
House Appropriations Subcommittees on Homeland Security in June 2003.
However, following DHS*s request for use of $5 to $7 million

in March 2003, the April 2003 House Conference Report 4 recommended that
DHS use $5 million for US- VISIT. DHS subsequently allocated the $5
million to the US- VISIT program.

 We recommended that DHS ensure that future expenditure plans fully
disclose US- VISIT system capabilities, schedule, cost, and benefits. With
respect to the fiscal year 2003 expenditure plan, DHS has partially
satisfied this recommendation. Specifically, this plan describes highlevel
capabilities by increment, high- level schedule estimates, and categories
of expenditures. However, the plan does not associate these categories of
expenditure to incremental capabilities, time frames, and benefits.
Moreover, the plan does not identify expected benefits in tangible,
measurable, and meaningful terms, nor does it associate benefits with
increments.

Finally, we identified 10 factors that make US- VISIT a risky endeavor.
Some of these risk factors are inherent to the program, and others are a
product of the program*s relatively immature state of governance and
management. The specific risk factors that we identified are as follows:

3 Carnegie Mellon Software Engineering Institute, Software Acquisition
Capability Maturity Model , Version 1. 03 (March 2002) defines acquisition
process management controls for planning, managing, and controlling
software- intensive system acquisitions.

4 H. R. Conf. Rep. No. 108- 76, at 80 (2003).

 US- VISIT is critical to the department*s mission in preventing the
entry of persons who pose a threat to our nation into the United States.
The missed entry of just one of these persons could have severe
consequences.

 US- VISIT is large in scope and complex. For example, the program is to
(1) support a large governmentwide process involving multiple departments
and agencies, (2) modify and expand facilities at over 150 land ports of
entry, and (3) interconnect about 20 existing systems.

 To meet US- VISIT*s daunting milestones, 5 DHS has chosen to implement
temporary solutions, largely because over the last 7 years, limited
progress has been made in addressing key legislative requirements. For

example, to meet deadlines at land ports of entry, DHS plans to develop
and implement interim, or temporary, system and facility solutions.  The
program will be a costly undertaking. In February 2003, DHS

estimated that the program would cost about $7.2 billion through fiscal
year 2014. However, this estimate is outdated and does not include, for
example, the State Department*s cost to implement visas with biometrics,
which we previously estimated could add as much as $15 billion to the
program*s cost through 2014. 6  The performance of initial increments of
the US- VISIT system depends

on the performance of existing systems that are to be interfaced. Some of
these systems, such as the Student and Exchange Visitor Information System
7 and the Computer Linked Application Information Management System 3, 8
have known system availability problems that could limit USVISIT system
performance.

5 For example, the Immigration and Naturalization Service Data Management
Improvement Act of 2000 (P. L. 106- 215, June 15, 2000) requires that US-
VISIT be implemented at all air and sea ports of entry by December 31,
2003; at the 50 highest volume land ports of entry by December 31, 2004;
and at all remaining ports of entry by December 31, 2005.

6 U. S. General Accounting Office, Technology Assessment: Using Biometrics
for Border Security, GAO- 03- 174 (Washington, D. C.: Nov. 15, 2002). 7
The Student and Exchange Visitor Information System contains information
on foreign students. 8 The Computer Linked Application Information
Management System 3 contains information on foreign nationals who request
benefits, such as change of status or extension of stay.

 US- VISIT is not currently directed and overseen by an accountable
governance structure that reflects the program*s governmentwide scope and
that includes the appropriate leaders from each stakeholder

organization, that is, those who can make and enforce decisions and commit
resources.

 The US- VISIT program office does not have the capabilities (people,
processes, and tools) to effectively manage the program. For example, this
office has not yet been adequately staffed, specific roles and
responsibilities have not been defined, and acquisition management process
controls have not been developed and implemented. Moreover, DHS has not
defined specific plans and time frames for doing so.  Key information
about the operational context surrounding US- VISIT

that is necessary to effectively define, establish, and implement the
program is not yet available. As a result, DHS is making certain
assumptions and decisions in order to meet near- term deadlines, such as
the use of a two- fingerprint biometric; these assumptions and decisions

would require system rework if they prove inconsistent with subsequent
operational context policy or standards decisions.  Construction of US-
VISIT facility solutions, both interim and permanent,

pose serious challenges for a number of reasons. For example, existing
facilities do not support existing entry and exit processes at a number of
land ports of entry, border crossing wait times are very sensitive to very
small increases in processing times at certain high- volume land ports of

entry, and interim facility solutions must satisfy yet- to- be defined
program requirements.

 The mission value to be gained from the initial US- VISIT operational
capability planned for December 31, 2003, is not currently known. In
particular, DHS has not defined specific, measurable benefits expected
from this initial operating capability, in large part because it has yet
to define the processes that will govern how entry and exit activities
will be performed. This uncertainty is compounded by the fact that this
initial operating capability is to be constrained by existing facilities
and personnel and it is not to result in increases in border crossing wait
times.

In conclusion, US- VISIT is a risky undertaking because it is to support a
critical mission, its scope is large and complex, it must meet a demanding
implementation schedule, and its potential cost is enormous. Generally,

these risk factors are inherent to the program and cannot be easily
changed. However, compounding these inherent risk factors are a number of
others that are attributable to the program*s current state of governance
and management and its acquisition approach, as described above. Further,
DHS did not fully satisfy the legislative conditions imposed by the
Congress

and has yet to fully implement our previous recommendations, both of which
were aimed at reducing risk. Because of all these risk factors, it is
uncertain that US- VISIT will be able to measurably and appreciably
achieve DHS*s stated goals of facilitating legitimate travel and trade,
enhancing national security, and adhering to U. S. privacy laws and
policies. Moreover, DHS*s near- term investment in the program is at risk
of not delivering promised capabilities on time and within budget, and not
producing mission value commensurate with investment costs. Thus, it is
imperative that the factors that contribute to this level of risk be
addressed thoroughly and expeditiously.

Recommendations for To address US- VISIT as a governmentwide program and
to minimize the

Executive Action risks facing the program, we recommend that the Secretary
of Homeland

Security, in collaboration with cabinet officials from US- VISIT
stakeholder departments and agencies,  establish and charter an executive
body, chaired by the Secretary*s

designee, potentially co- chaired by the leadership from key stakeholder
departments and agencies, and composed of appropriate senior- level
representatives from DHS and each stakeholder organization, to guide and
direct the US- VISIT program; and  direct this executive body to
immediately take steps to (1) ensure that

the human capital and financial resources are expeditiously provided to
establish a fully functional and effective US- VISIT program office and
associated management capability, (2) clarify the operational context
within which US- VISIT must operate, and (3) decide whether proposed US-
VISIT increments will produce mission value commensurate with costs and
risks and disclose to the Congress planned actions based on this body*s
decisions.

Further, we recommend that the Secretary, through the Under Secretary for
Border and Transportation Security, direct the US- VISIT Program Director
to expeditiously establish an effective program management capability,
including immediately

 defining program office positional roles, responsibilities, and
relationships;

 developing and implementing a human capital strategy that provides for
staffing these positions with individuals who have the requisite core
competencies (knowledge, skills, and abilities);

 developing and implementing a plan for satisfying key SEI acquisition
management controls, to include acquisition planning, solicitation,
requirements development and management, project management, contractor
tracking and oversight, evaluation, and transition to support;

 developing and implementing a risk management plan and ensuring that all
high risks and their status are reported regularly to the executive body;

 defining performance standards for each US- VISIT system increment that
are measurable and reflect the limitations imposed by relying on existing
systems for these system increments; and

 developing an analysis of incremental program costs, benefits, and
risks, and providing this analysis to the executive body, to assist it in
the body*s deliberations and decision making.

Agency Comments In written comments on a draft of this report signed by
the Director, USVISIT, DHS concurred with our recommendations and stated
that it has

recently made progress toward addressing them. In particular, DHS stated
that it has approved the proposed US- VISIT organizational structure and
identified necessary staff positions, and that it is working with the
Office of Personnel Management to draft position descriptions and prepare
for recruitment. Also, it stated that the US- VISIT program office is
staffed with 51 detailees from various DHS components and agencies. Last,
it stated that it has in place an Investment Review Board that has twice
reviewed US- VISIT, has established a DHS framework for addressing policy

questions, and has plans to establish a US- VISIT Advisory Council. DHS*s
comments are reprinted in appendix II.

We are sending copies of this report to the Chairmen and Ranking Minority
Members of other Senate and House committees and subcommittees that

have authorization and oversight responsibilities for homeland security.
We are also sending copies to the Secretary of State and the Director of
OMB. We also will make copies available to others upon request. In
addition, the report will be available at no charge on the GAO Web site at
http:// www. gao. gov.

Should you or your staff have any questions on matters discussed in this
report, please contact me at (202) 512- 3439. I can also be reached by E-
mail at Hiter@ gao. gov. Key contributors to this report were Seto
Bagdoyan, Barbara Collier, Deborah Davis, Neil Doherty, Rebecca Gambler,
Tamra Goldstein, James Houtz, Richard Hung, Tammi Nguyen, and Mark Tremba.

Randolph C. Hite Director, Information Technology Architecture and Systems
Issues

Appendi xes Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House

Appendi x I

Committees on Appropriations Information Technology: Risks Facing Key
Homeland Security Program Need to Be Addressed

Briefing to the Staffs of the Subcommittees on Homeland Security Senate
and House Committee on Appropriations

July 18, 2003 1

Briefing Overview * Introduction  Objectives  Results in Brief 
Background  Results

 Legislative Conditions  Status of Recommendations  Observations 
Conclusions  Recommendations  Agency Comments  Attachment I.
Legislative History  Attachment II. Scope and Methodology

2

Introduction Seven years ago, the Congress passed legislation that
directed the former Immigration and Naturalization Service (INS) to
develop an entry exit system. Pursuant to this and related legislative
direction, 1 INS established the entry exit program about 16 months ago.
Subsequently, INS was merged into the Department of Homeland Security
(DHS), and the entry exit program was renamed the United States Visitor
and Immigrant Status Indicator Technology (US- VISIT). US- VISIT is a
governmentwide program that is to improve the processes, policies, and
systems used to collect information on foreign nationals who travel to the
United States, and to track entries, exits, and stays of travelers.

DHS*s stated goals for US- VISIT are to  facilitate legitimate travel and
trade,  enhance national security, and  adhere to U. S. privacy laws and
policies.

1 See attachment I for a listing of relevant legislation. 3

Introduction The US- VISIT program involves the interdependent application
of people, processes, technology, and facilities.

Note: GAO analysis based on DHS data. 4

Introduction The Consolidated Appropriations Resolution, 2003, 1 prohibits
DHS from obligating any funds appropriated in the act for the entry exit
system (now US- VISIT), until it submits a plan for expenditure that
satisfies the following legislative conditions.

 It meets the capital planning and investment control review requirements
established by the Office of Management and Budget (OMB), including OMB
Circular A- 11, part 3. 2

 It complies with the acquisition rules, requirements, guidelines, and
systems acquisition management practices of the federal government.

 It is reviewed by GAO. 1 P. L. 108- 7 (Feb. 20, 2003). 2 OMB Circular A-
11 establishes policy for planning, budgeting, acquisition, and management
of federal capital assets.

5

Introduction In fiscal year 2003, Justice requested $380 million for the
entry exit program (now US- VISIT)*$ 362 million in new funding and $18
million in fiscal year 2003 base resources.

 In conjunction with the Consolidated Appropriations Resolution, 2003,
the conference report 1 recommended $362 million for the entry exit system
(now US- VISIT) and related information technology (IT) infrastructure
upgrades.

 According to DHS officials, the $18 million in base resources was to
come from a user fee account. However, according to these officials, given
the decrease in user fee receipts since September 11, 2001, it is unclear
whether the $18 million will be available for the US VISIT program.

DHS submitted its fiscal year 2003 expenditure plan for $375 million 2 on
June 5, 2003, to its House and Senate Appropriations Subcommittees on
Homeland Security.

1 H. R. Conf. Rep. No. 108- 10, at 623 (2003). 2 In April 2003, H. R.
Conf. Rep. No. 108- 76 at 80 (2003), recommended that DHS use $5 million
for USVISIT. The $5 million was not included in the expenditure plan
submitted to the Appropriations Subcommittees in June 2003.

6

Objectives As agreed, our objectives were to

1. determine whether the US- VISIT fiscal year 2003 expenditure plan
satisfies the legislative conditions,

2. determine the status of our US- VISIT open recommendations, and 3.
provide any other observations about the expenditure plan and DHS*s

management of US- VISIT. We conducted our work at DHS headquarters in
Washington, D. C., from April through July 2003 in accordance with
generally accepted government auditing standards. Details of our scope and
methodology are given in attachment II.

7

Results in Brief: Objective 1

Legislative Conditions

DHS*s expenditure plan partially satisfies the legislative conditions.

Legislative conditions Fully satisfies 1 Partially satisfies 2 Does not
satisfy 3

1. Meets the capital planning and investment control review

requirements established by OMB, including OMB Circular A- 11, part 3.

2. Complies with the acquisition rules, requirements, guidelines, and

systems acquisition management practices of the federal government.

3. Is reviewed by GAO.

1 Satisfies or provides for satisfying every aspect of the condition that
we reviewed. 2 Satisfies or provides for satisfying many, but not all, key
aspects of the condition that we reviewed. 3 Satisfies or provides for
satisfying few, if any, of the key aspects of the condition that we
reviewed.

8

Results in Brief: Objective 2

Open Recommendations

Status of DHS actions to implement our open recommendations.

Status GAO open recommendations Complete Partially complete In progress
Planned

1. Develop a system security plan and

privacy impact assessment. 2. Ensure that controls in the area of

acquisition planning, solicitation, requirements management, project
management, contract tracking and

oversight, and evaluation are implemented in accordance with SEI 1
guidance.

( continued next slide)

1 The Software Acquisition Capability Maturity Model (R) developed by
Carnegie Mellon University*s Software Engineering Institute (SEI) defines
acquisition process management controls for planning, managing, and
controlling software- intensive system acquisitions.

9

Results in Brief: Objective 2

Open Recommendations Status GAO open recommendations

Complete Partially complete In progress Planned

3. Ensure that future expenditure plans are provided to DHS*s House and

1

Senate Appropriations Subcommittees in advance of USVISIT funds being
obligated.

4. Ensure that future expenditure plans fully disclose what US- VISIT
system

1

capabilities and benefits are to be delivered, by when, and at what cost.

1 With respect to the fiscal year 2003 expenditure plan. 10

Results in Brief: Objective 3

Observations: Risk Factors

US- VISIT is a high risk endeavor. We have identified 10 risk factors
affecting USVISIT:  Mission is critical. The missed entry of one person
who poses a threat to the

United States could have severe consequences.  Scope is large and
complex. Controlling the pre- entry, entry, status, and exit

of millions of travelers is a large and complex process.  Milestones are
challenging. Progress and current status of the program

makes satisfying legislatively mandated milestones difficult.  Potential
cost is significant. DHS has estimated that the program will cost

$7.2 billion through fiscal year 2014, and this estimate does not include
all costs and may underestimate some others.

 Existing systems have known problems. The program is to initially rely
on existing systems with known problems that could limit US- VISIT
performance.

11

Results in Brief: Objective 3

Observations: Risk Factors

 Governance structure is not established. The program is not currently
governed by an accountable body that reflects its governmentwide scope and
that can make and enforce decisions and commit resources for all program
stakeholders.

 Program management capability is not implemented. The program office is
not yet adequately staffed, roles and responsibilities are not yet clearly
defined, and acquisition management processes are not yet established.

 Operational context is unsettled. Operational issues have not been
decided, such as which rules and standards will govern implementation of
biometrics technology.

 Near- term facilities solutions pose challenges. Interim facility
planning for high- volume land ports of entry (POEs) must satisfy
demanding as well as yetto- be defined requirements.

 Mission value of first increment is currently unknown. The benefits
versus costs of the first increment are not yet known.

12

Results in Brief: Objective 3

Observation Risk Factors Affecting US- VISIT

Unless these risk factors are effectively addressed, US- VISIT is likely
to fall short of envisioned expectations.

13

Results in Brief To address these risk factors, we are making
recommendations to the Secretary of Homeland Security.

We provided DHS a draft of this briefing. In its oral comments, DHS agreed
with our findings, conclusions, and recommendations.

14

Background

Border Inspection by POE

All persons that legally enter the United States must pass through one of
more than 300 land, sea, or air ports of entry (POEs), and must undergo a
primary inspection. In fiscal year 2002, about 440 million primary
inspections were conducted on foreign nationals and U. S. citizens.

Number of Number of

Percentage of Type of POEs

POEs inspections inspections

Land 165 358,373,569 81 Air 123 69,679,190 16 Sea

42 12,369,035 3 Total 330 440,421,794 100 Source: DHS. Note: GAO analysis
based on DHS data.

15

Background

US- VISIT Overview

US- VISIT is a governmentwide endeavor intended to facilitate legitimate
travel and trade, enhance national security, and adhere to U. S. privacy
laws and policies by

 collecting, maintaining, and sharing information on individuals who
enter and exit the United States;

 identifying individuals who (1) have overstayed or violated the terms of
their visit; (2) can receive, extend, or adjust their immigration status;
and (3) should be apprehended or detained by law enforcement officials;

 detecting fraudulent travel documents, verifying traveler identity, and
determining traveler admissibility through the use of biometrics; and

 facilitating information sharing and coordination within the border
management community.

16

Background

US- VISIT Organization

Within DHS, 1 organizational responsibility for the US- VISIT program is
within the Border and Transportation Security Directorate.

In June 2003, DHS established a US- VISIT program office with
responsibility for managing the acquisition, deployment, operation, and
sustainment of the US- VISIT system and supporting people (e. g.,
inspectors), processes (e. g., entry exit policies and procedures), and
facilities (e. g., inspection booths) associated with the program.

The following graphic shows the organizational ownership for the US- VISIT
program.

1 In January 2003, we designated the implementation and transformation of
DHS as a high risk program for the following three reasons: (1) the size
and complexity of the undertaking, (2) the wide array of existing
challenges of the component agencies being merged within DHS, and (3) the
potentially serious consequences of DHS*s failure to effectively carry out
its mission. (U. S. General Accounting Office, Major Management Challenges
and Program Risks: Department of Homeland Security , GAO- 03- 102
(Washington, D. C.: January 2003)).

17

Background

US- VISIT Organization Organizational Placement of US- VISIT Program (
partial DHS organization chart)

Note: GAO analysis based on DHS data As of May 2003, the US- VISIT program
office reports directly to the Under Secretary for Border and
Transportation Security.

18

Background

Acquisition Strategy Acquisition Strategy

DHS plans to deliver US- VISIT capability incrementally. Currently DHS has
defined four increments, with Increments 1 through 3 being interim, or
temporary, solutions, and increment 4 being the strategic solution and
consisting of a series of increments. Increments 1 through 3 include the
interfacing and enhancement of existing system capabilities and the
deployment of these capabilities at air, sea, and land POEs; the design
and construction of interim facilities 1 at land POEs; and the development
and implementation of revised border inspection procedures.

1 DHS is planning to construct interim, or temporary, facilities at land
POEs to meet established milestones, while concurrently developing
permanent solutions at these POEs.

19

Background

Acquisition Strategy

According to DHS, Increment 1 is to deliver an initial system operating
capability to all air and sea POEs by December 31, 2003, that includes

 recording the arrival and departure of foreign nationals using passenger
and crew manifest data,

 identifying travelers who have overstayed their visits or changed their
visitor status, and

 interfacing seven existing systems that contain data about foreign
nationals. Increment 1 is to also verify travelers* identities upon entry
into the United States through the use of biometrics and checks against
watch lists (e. g., the Interagency Border Inspection System* IBIS) at air
POEs and 13 of 42 sea POEs, but only for those cruise lines that currently
have inspections stations

Increment 1 is also to include developing policies and procedures and
providing the associated training for an interim inspection process.

Increment 1 may include an exit capability beyond the capture of the
manifest data. 20

Background

Acquisition Strategy

Increment 1 is not intended to include the installation or acquisition of
additional facilities at air and sea POEs, or employment of additional
inspectors.

Increment 2 is to deploy Increment 1 system capability and design and
construct interim facilities (e. g., additional inspection booths) at the
50 highest volume land POEs by December 31, 2004. It is also to include

 the use of radio frequency technology 1 for vehicles and pedestrians
that are pre- cleared, and

 the use of technology to read travel documents with biometrics. 2
Increment 3 is to deploy Increment 2 system capability and design and
construct interim facilities at all remaining land POEs by December 31,
2005. Increment 4 is to deliver a new, yet- to- be- defined, integrated
system solution to a yet- to- be- defined number of POEs by December 31,
2006.

1 DHS plans to issue radio frequency- enabled proximity cards. As the
person or vehicle passes through the inspection lane, the data on the card
are read by an antenna and displayed on the inspector*s screen. 2 By
October 26, 2004.

21

Background

Acquisition Strategy

For the system, DHS plans are to award a single, indefinite- delivery/
indefinitequantity (IDIQ) 1 type contract to a prime contractor capable of
integrating existing and new business processes and technologies. DHS
plans to issue a request for proposal for the prime contractor in November
2003. The prime contractor is to be responsible for Increment 4 and is to
assist in the deployment of Increments 2 and 3. DHS plans to use existing
contractors to interface and enhance the existing systems for Increment 1.
For facilities, the department plans to award contracts for the design and
construction of interim facilities at each land POE through the General
Services Administration (GSA). DHS is working with GSA to obligate $17
million for the award of interim facilities design contracts beginning in
August 2003. DHS plans to award interim facilities construction contracts
for the 50 highest volume land POEs through GSA beginning in February 2004
using anticipated fiscal year 2004 funds.

1 An IDIQ contract is a flexible contract that provides for an indefinite
quantity, within stated limits, of supplies or services during a fixed
period of time. The government schedules deliveries or performance by
placing orders with the contractor.

22

Background

Acquisition Strategy

For human capital, DHS has not yet defined its strategy. However, for
Increment 1, it does not plan to acquire any additional inspection staff.
According to program officials, the department is developing a training
plan for inspectors for Increment 1, and it expects to complete training
by the end of December 2003.

DHS is currently developing the policies, procedures, and guidance for
implementing Increment 1. It expects to complete development by the end of
October 2003.

23

Background

Component Systems Component Systems

US- VISIT (Increments 1 through 4) is to include the interfacing and
integration of over 20 existing systems. For example, Increment 1 includes
the following existing systems:

 Arrival Departure Information System (ADIS), a database that stores
traveler arrival and departure data and can perform query functions;

 Advance Passenger Information System (APIS), a system that captures
arrival and departure manifest information;

 Interagency Border Inspection System (IBIS), a system that maintains
lookout data and interfaces with other agencies databases, and is
currently used by inspectors at POEs to verify traveler information and
modify data;

 Automated Biometric Identification System (IDENT), a system that
collects and stores biometric data for foreign visitors;

24

Background

Component Systems

 Student Exchange Visitor Information System (SEVIS), a system that
contains information on foreign students; and

 Computer Linked Application Information Management System (CLAIMS 3), a
system that contains information on foreign nationals who request
benefits, such as change of status or extension of stay.

 Consular Consolidated Database (CCD), a system that includes information
on whether a visa applicant has previously applied for a visa or currently
has a valid U. S. visa.

25

Background

Review of Prior Expenditure Plan GAO s Review of Fiscal Year 2002
Expenditure Plan

In our report on the fiscal year 2002 expenditure plan, 1 we concluded
that  the plan partially satisfied the legislative conditions;  INS
intended to acquire and deploy a system with functional and performance

capabilities consistent with the general scope of capabilities under
various laws; and

 the plan did not provide sufficient information to allow Congress to
oversee the program.

1 U. S. General Accounting Office, Information Technology: Homeland
Security Needs to Improve Entry Exit System Expenditure Planning, GAO- 03-
563 (Washington, D. C.: June 9, 2003).

26

Background

Review of Prior Expenditure Plan

Accordingly, we made recommendations, including  developing a system
security plan and privacy impact assessment;  ensuring that controls in
the area of acquisition planning, solicitation,

requirements development and management, project management, contract
tracking and oversight, and evaluation be implemented in accordance with
SEI guidance;

 ensuring that future expenditure plans be provided to the department*s
House and Senate Appropriations Subcommittees in advance of US- VISIT
funds being obligated; and

 ensuring that future expenditure plans fully disclose US- VISIT system
capabilities, schedule, cost, and benefits to be delivered.

27

Background

Review of Current Expenditure Plan Fiscal Year 2003 Expenditure Plan
Summary (see next slides for descriptions)

Areas of expenditure Amount

Proof of Concept Demonstrations: NSEERS reimbursement $ 10,500,000

NSEERS 9,500,000

Facial Verification Test 1,500,000

System Enhancement & Infrastructure Upgrades 155,000,000

POE IT and Communication Upgrades 85,000,000

Facilities Planning, Analysis, & Design 60,000,000

Training 3,500,000

Program Management Support 30,000,000

Operations & Systems Sustainment 20,000,000

Total $ 375,000,000 1

Source: DHS. 1 In April 2003, H. R. Conf. Rep. No. 108- 76 at 80 (2003),
recommended that DHS use $5 million for USVISIT.

The $5 million was not included in the expenditure plan submitted to the
Appropriations Subcommittees in June 2003.

28

Background

Current Expenditure Plan Descriptions Proof of Concept Demonstrations:
This area includes reimbursement to DHS*s Bureau of Citizenship and
Immigration Services for previously conducted registration activities
associated with the National Security Entry- Exit Registration System
(NSEERS). 1 Costs in this area also include those for software changes
made to IDENT to accommodate NSEERS, for the purchase and deployment of
additional IDENT/ ENFORCE workstations to POEs and district offices, and
for training staff on these system changes. In addition, this area
includes a pilot with the Australian government to test facial
recognition, in which the Australian government will provide a select
group of commercial pilots traveling between Australia and the United
States with passports that have biometrics encoded on a chip; these
passports will allow DHS to test the reading of the biometric information
and to conduct facial verification matching tests.

1 NSEERS consists of (1) a modified version of the Enforcement Case
Tracking System (ENFORCE), (2) deployments of the Automated Biometric
Identification System (IDENT), and (3) updated polices and procedures
covering the registration of certain nonimmigrants. ENFORCE is a case
management system that supports the apprehension and booking process for
illegal aliens. IDENT is a database of more than 4.5 million foreign
visitors* fingerprints (two prints) and photos.

29

Background

Current Expenditure Plan System Enhancement & Infrastructure Upgrades:
This area includes the enhancement of existing information systems,
telecommunications upgrades between the Justice and Customs data centers,
an additional server to accommodate increased workload, and wide- area
network upgrades to support additional processing and bandwidth
requirements relative to the transmission of biometrics data.

POE IT and Communication Upgrades: This area includes upgrades to the
hardware (e. g., desktop computers, scanners, biometric devices) and
communications infrastructure at the POEs.

30

Background

Current Expenditure Plan Facilities Planning, Analysis, & Design: This
area includes modeling air, sea, and the 50 highest volume land POEs for
interim facilities and planning for permanent facilities; conducting
environmental assessments; acquiring space for US- VISIT enrollment
centers at the 50 highest volume land POEs; developing site plans;
awarding design contracts for interim facilities at the 50 highest volume
land POEs; conducting feasibility studies and developing master plans to
begin collecting data and coordinating existing activities and projects
for future requirements; and providing facility- related program and
project management support.

Training: This area includes initial training for personnel to use the US-
VISIT system.

Program Management Support: This area includes establishing a program
management office to manage the US- VISIT program and engaging program
management support contractors.

Operations & Systems Sustainment: This area includes increased maintenance
and technical support to meet the system performance requirements.

31

Background

Funding US- VISIT Available Appropriations, DHS Allocations, and
Obligations for Fiscal Year 2002 and 2003

Available DHS allocations

2 Fiscal year appropriations ( millions) 1 ( millions) Obligated (
millions) FY 2003

$ 380.0 $ 52.5 3

$ 4.2 FY 2002

13.3 * 4

3.2 4

Total $ 393.3 $ 7.4

Source DHS. 1 Of the $449.8 million lump sum appropriated for Enforcement
and Border Affairs in the Department of Defense and Emergency Supplemental
Appropriations for Recovery from and Response to Terrorist Attacks on the
United States Act, 2002 (P. L. 107- 117), the conference report (H. R.
Conf. Rep. No. 107- 350, at 416 (2001)) recommended that INS use $13.3
million in appropriations for the entry exit system (now USVISIT). This
amount is available until expended. Of the $2.8 billion lump sum
appropriated for Immigration Enforcement and Border Affairs for fiscal
year 2003, the conference report (H. R. Conf. Rep. No. 108- 10, at 623
(2003)) recommended that INS use $362 million for what is now US- VISIT.
These funds expire at the end of fiscal year 2003. According to DHS
officials, an additional $18 million in base resources was to be available
from a user fee account. Given the decrease in user fee receipts since
September 11, 2001, these officials stated that the $18 million may not be
available for the US- VISIT program.

32

Background

Funding Approvals

2 As of June 12, 2003. 3 In April 2003, H. R. Conf. Rep. No. 108- 76, at
80 (2003), recommended that DHS use $5 million for USVISIT. DHS allocated
this $5 million to the US- VISIT program. After submitting the expenditure
plan to its appropriations subcommittees in June, DHS allocated $47.5
million to the US- VISIT program. 4 On August 2, 2002, the Congress
enacted the 2002 Supplemental Appropriations Act for Further Recovery From
and Response to Terrorist Attacks on the United States (P. L. 107- 206,
Aug. 2, 2002), which prohibited INS from obligating funds for the entry
exit system (from either of the two supplemental appropriations) until the
agency submitted an expenditure plan to the appropriations committees that
satisfied certain legislative conditions imposed by the act. Before August
2, 2002, the former INS had obligated $3.2 million.

33

Background

US- VISIT Timeline US- VISIT Timeline

Note: GAO analysis of DHS data. 1 The Visa Waiver System electronically
collects arrival and departure information for all passengers and crew
members who are provided a waiver and who arrive and depart U. S. airports
and seaports.

34

Objective 1 Results

Legislative Conditions

US- VISIT expenditure plan partially satisfies the legislative conditions.

Condition 1 partially met. The plan, including related program
documentation and program officials* statements, partially meets the
capital planning and investment control review requirements established by
OMB, including OMB Circular A- 11, part 3, which establishes policy for
planning, budgeting, acquisition, and management of federal capital
assets.

Details of our analysis are shown on the table that follows. 35

Objective 1 Results

Legislative Conditions Examples of A- 11 conditions Results of our
analysis

Indicate whether the project was The plan was conditionally approved by
DHS*s IRB, which is

approved by Investment Review Board chaired by the Deputy Secretary and
composed of department

(IRB) and reviewed by Chief Financial executives, including DHS*s Chief
Financial and Procurement

and Procurement Officers. Officers.

Provide justification and describe The plan provides a high- level
justification and description of

acquisition strategy. the acquisition strategy for Increment 1. DHS plans
to use existing contracts to interface and enhance existing systems for
Increment 1. Summarize life cycle costs and

DHS does not have current life cycle costs nor a current cost/ benefit
analysis, including the

cost/ benefit analysis for US- VISIT, but plans to develop these. return
on investment.

However, a date and plan for doing so have not been established. 1 Address
enterprise architecture. The plan states that US- VISIT is identified in
DHS*s enterprise

architecture (EA), but it does not explain how this project conforms to
DHS*s EA, which is currently under development. Further, DHS officials
could not provide evidence of USVISIT*s alignment with DHS*s EA
activities. 1 Address security and privacy. According to programofficials,
security and privacy

requirements have been defined, and a draft security plan and privacy
assessment is currently under review. 1 These areas are more fully
discussed in the observation section of the briefing.

36

Objective 1 Results

Legislative Conditions Condition 2 partially met. The plan, including
related program documentation and program officials* statements, partially
complies with the acquisition rules, requirements, guidelines, and systems
acquisition management practices of the federal government. These provide
a management framework based on the use of rigorous and disciplined
processes for planning, managing, and controlling the acquisition of IT
resources, including acquisition planning, solicitation, requirements
development and management, project management, contract tracking and
oversight, and evaluation.

Details of our analysis are shown on the table that follows. 37

Objective 1 Results

Legislative Conditions Examples of practices Results of our analysis

Acquisition planning. 1 For various reasons, including the recent
transition to DHS, many of the

Ensures that reasonable acquisition planning documents that had been
prepared for the former entry exit

planning for the system are outdated. For example, INS had developed an
acquisition plan, as

acquisition is conducted, required by INS acquisition policies and
procedures that outlined its approach and

including, among other strategy for acquiring the entry exit system.
According to DHS officials, the plan is

things, developing an no longer current.

acquisition strategy and DHS officials stated that they have updated some
of these acquisition planning

plan, determining the cost documents, submitted them to the IRB on June
30, 2003, and plan to meet with and schedule, identifying

the IRB on July 17, 2003. DHS plans to update additional planning
documents by risks, and defining

August 7, 2003. For example, DHS plans to update its acquisition plan and
requirements.

develop a life cycle cost estimate and risk management plan for Increment
1.

Project management. 1 According to US- VISIT program officials,
interfacing and enhancing existing

Provides for the systems under Increment 1 are being managed according to
the former INS*s

management of activities SDLC. 2 However, they could not provide evidence
to support this statement;

within the project office because of time constraints, we did not verify
whether these contractors and

and supporting associated DHS acquisition entities were following the
SDLC.

contractors to ensure a These officials also stated that US- VISIT will
transition to DHS*s SDLC when it is

timely, efficient, and costeffective completed. However, they did not know
when the DHS SDLC would be complete,

acquisition. and therefore when US- VISIT will transition.

1 These practices are addressed in our observations section. 2 An SDLC
(Systems Development Life Cycle) is a management process that specifies,
for a series of *cradle to grave* phases,

the development activities to be performed, products to be generated, and
the decision points to determine whether the project is ready for the next
phase.

38

Objective 1 Results

Legislative Conditions Condition 3 met. The plan satisfies the requirement
that it be reviewed by GAO. Our review was completed on July 18, 2003.

39

Objective 2 Results

Open Recommendations Open Recommendation 1: Develop a system security plan
and privacy impact assessment.

Status: In progress The expenditure plan states that adequate security and
privacy related measures are to be built into the US- VISIT system and
that these measures will comply with emerging DHS security policies,
relevant security- related laws, OMB circulars, and privacy guidelines of
the federal Chief Information Officer Council*s best practices.

According to program officials, system security and privacy requirements
have been defined, and a draft security plan and privacy assessment is
currently under review.

40

Objective 2 Results

Open Recommendations Open Recommendation 2: Ensure that controls in the
area of acquisition planning, solicitation, requirements development and
management, project management, contract tracking and oversight, and
evaluation be implemented in accordance with SEI guidance.

Status: Planned DHS has recently approved a program management structure
that includes functions consistent with these acquisition management
controls: acquisition planning, solicitation, requirements development and
management, project management, contract tracking and oversight, and
evaluation. According to the USVISIT Program Director, these functions
will be performed consistent with SEI*s guidance. However, the department
does not currently have explicit plans and associated time frames for
developing and implementing these acquisition management controls.

41

Objective 2 Results

Open Recommendations Open Recommendation 3: Ensure that future expenditure
plans be provided to the Department*s House and Senate Appropriations
Subcommittees in advance of US- VISIT funds being obligated.

Status: Partially complete In fiscal year 2003, Justice requested $380
million for the entry exit program (now US- VISIT)*$ 362 million in new
funding and $18 million in fiscal year 2003 base resources. 1 In
conjunction with the Consolidated Appropriations Resolution, 2003, the
conference report 2 recommended $362 million for the entry exit system
(now US- VISIT) and related IT infrastructure upgrades.

In June 2003, DHS provided its fiscal year 2003 expenditure plan to the
Senate and House Appropriations Subcommittees on Homeland Security. In
April 2003, H. R. Conf. Rep. No. 108- 76, at 80 (2003), recommended that
DHS use $5 million for US- VISIT. DHS allocated this $5 million to the US-
VISIT program.

1 According to DHS officials, the $18 million in base resources was to
come from the user fee account. However, according to these officials,
given the decrease in user fee receipts since September 11, 2001, it is
unclear whether that $18 million will be available for the US- VISIT
program. 2 H. R. Conf. Rep. No. 108- 10, at 623 (2003).

42

Objective 2 Results

Open Recommendations Open Recommendation 4: Ensure that future expenditure
plans fully disclose USVISIT system capabilities, schedule, cost, and
benefits to be delivered.

Status: Partially complete The expenditure plan identifies high- level
capabilities by increment, such as

 recording the arrival and departure of foreign nationals using passenger
and crew manifest data,

 implementing biometrics, and  being interoperable with other entities,
including law enforcement and

intelligence agencies. The plan also identifies a high- level schedule for
implementing the system. For example, Increment 1 is to be implemented by
December 31, 2003; Increment 2 by December 31, 2004; and Increment 3 by
December 31, 2005.

43

Objective 2 Results

Open Recommendations

The plan also includes categories of expenditures, such as system
enhancements and infrastructure upgrades, facilities planning, analysis
and design, and POE IT and communications upgrades. However, the plan does
not explicitly associate costs with incremental capabilities, time frames,
and benefits. For example, the plan does not state how much of the $85
million for POE IT and communications upgrades DHS plans to use for
Increment 1 or for other increments.

The plan identifies high- level goals for Increment 1 (i. e., positively
impact national security and overall efforts in the war against
terrorism). However, it does not identify expected benefits in tangible,
measurable, and thus meaningful terms, nor does it associate benefits with
increments. Therefore, it does not provide the basic data needed to
measure return on investment. US- VISIT program officials stated that they
intend to estimate program costs and benefits, but they did not have time
frames for doing so.

44

Objective 3 Results

Observations Observation: US- VISIT is a high risk endeavor. Ten separate
factors collectively expose the US- VISIT program to a high level of risk.
Some of these risk factors are inherent to the program, such as those
associated with its mission criticality and complexity. Others are a
product of the program*s relatively immature state of governance and
management. Unless these risk factors are effectively addressed, US- VISIT
is likely to fall short of envisioned expectations.

45

Objective 3 Results

Observations: Criticality

a. Mission is critical.  In fiscal year 2002, there were about 279
million inspections of foreign

nationals at U. S. POEs. The missed entry of just one person who poses a
threat to the United States can have severe consequences. One of DHS*s
critical missions is to prevent such an entry, and it intends to rely
heavily on US- VISIT to help it do so.

 Additionally, the US- VISIT system is to assist law enforcement in
identifying those visitors who overstay or otherwise violate the terms of
their visas.

 Further, in announcing the US- VISIT system, the Under Secretary stated
that the system would *give America a 21st Century *smart border** one
that speeds through legitimate trade and travel, but stops terrorists in
their tracks.*

46

Objective 3 Results

Observations: Complexity

b. Scope is large and complex.  US- VISIT is to support and refine a
large and complex governmentwide

process involving multiple departments and agencies. This process is to
control the pre- entry, entry, status, and exit of hundreds of millions of
foreign national travelers to and from the United States at over 300 air,
sea, and land POEs. It also requires the modification and expansion of
facilities at over 150 land POEs. The graphic below depicts the high-
level border security processes. The following graphics depict the
subprocesses.

47

Objective 3 Results

Observations: Complexity Simplified Diagram of Current Pre- entry Process

1 The Consular Lookout and Support System (CLASS) is a name check system
that contains records of people who may be ineligible to receive a
passport or visa.

48

Objective 3 Results

Observations: Complexity Simplified Diagram of Current Entry Process

1 The Non- Immigrant Information System (NIIS) collects arrival and
departure Form I- 94 data and reports information on overstays.

49

Objective 3 Results

Observations: Complexity Simplified Diagram of the Current Status Process

1 The National Crime Information Center (NCIC) provides information on
wanted persons and criminal histories. 50

Objective 3 Results

Observations: Complexity Simplified Diagram of the Current Exit Process

51

Objective 3 Results

Observations: Complexity

As mentioned previously, US- VISIT (Increments 1 through 4) is to include
the interfacing and integration of over 20 existing systems. Increment 1
includes the following seven existing systems:

 Arrival Departure Information System,  Advance Passenger Information
System,  Interagency Border Inspection System,  Automated Biometric
Identification System,  Student Exchange Visitor Information System, 
Computer Linked Application Information Management System, and  Consular
Consolidated Database. The following graphic shows the systems and their
relationships.

52

Objective 3 Results

Observations: Complexity Simplified Diagram of US- VISIT Increment 1
Component Systems and Relationships

1 Fingerprint Identification Number. 53

Objective 3 Results

Observations: Challenging Milestones

c. Milestones are challenging. Key US- VISIT milestones are legislatively
mandated. For example, the Immigration and Naturalization Service Data
Management Improvement Act of 2000 1 requires that US- VISIT be
implemented at all air and sea POEs by December 31, 2003; at the 50
highest volume land POEs by December 31, 2004; and at all remaining POEs
by December 31, 2005.

Because of limited progress over the last 7 years in addressing entry exit
legislative requirements, including the above cited milestones, DHS
acknowledges that it cannot complete permanent solutions in these time
frames and thus now plans to implement interim, or temporary solutions.
For example, as previously described, Increments 1 through 3 include the
interfacing of existing systems and the design and construction of interim
facilities at land POEs. Further, DHS officials have stated that it will
be difficult to develop and implement even the interim solutions at some
of the highest volume land POEs (such as San Ysidro, CA; Otay Mesa, CA;
and Laredo, TX) by December 31, 2004, because even minor changes in the
inspection time can greatly impact the average wait time at these high-
volume POEs. 1 P. L. 106- 215 (June 15, 2000).

54

Objective 3 Results

Observations: Cost

d. Potential cost is significant. The potential governmentwide cost of US-
VISIT over just a 10- year period will likely be in the tens of billions
of dollars.

In February 2003, DHS estimated the total overall cost of the US- VISIT
program to be about $7.2 billion through fiscal year 2014. This estimate
includes system investment costs, such as IT hardware and communications
infrastructure, software enhancements and interfaces, as well as the cost
of facilities and additional inspectors. It also includes system and
facilities operation and maintenance costs.

55

Objective 3 Results

Observations: Cost

 The estimate does include the cost of planning, designing, and
constructing permanent facilities, which according to DHS is about $2.9
billion. 1 This estimate is based on the assumptions that (1) no
additional traffic lanes will be required to support the entry processes
and (2) exit facilities will mirror entry facilities (i. e., that a land
POE with 10 entry traffic lanes will require 10 exit traffic lanes). The
estimate includes the costs to design and construct building space to
house additional computer equipment and inspectors, as well as the costs
for highway reconfiguration at land POEs.

The estimate does not include the costs to design and construct interim
facilities at land POEs. DHS officials estimate that the cost of
constructing the interim facilities at the 50 highest volume POEs is about
$218 million.

1 The $2.9 billion is a parametric cost estimate. Parametric cost
estimating is a technique used in the planning, budgeting, and conceptual
stages of projects. This technique expedites the development of order of
magnitude benchmark estimates when discrete estimating techniques are not
possible or would require inordinate amounts of time and resources to
produce similar results. Estimates such as this can vary +- 30 to 50
percent.

56

Objective 3 Results

Observations: Cost

 The estimate does include the cost of implementing biometrics. However,
these costs may be understated because it does not include, for example,
State Department costs. Specifically, in November 2002, 1 we reported that
a rough order of magnitude estimate of the cost to implement visas with
biometrics would be between $1.3 billion and $2.9 billion initially and
between $0.7 and $1.5 billion annually thereafter. This estimate is based
on certain assumptions, including that all current visa- issuing embassies
and consulates will be equipped to collect biometrics from visa
applicants. Assuming that biometrics are implemented by December 2004,
this means that the recurring cost of having biometric visas through DHS*s
fiscal year 2014 life cycle period would be between $7 and $15 billion; in
contrast, DHS has estimated a cost of about $7.2 billion for the entire
program through fiscal year 2014.

1 U. S. General Accounting Office, Technology Assessment: Using Biometrics
for Border Security , GAO- 03- 174 (Washington, D. C.: Nov. 15, 2002).

57

Objective 3 Results

Observations: Existing Problems

e. Existing systems have known problems. The system performance of US-
VISIT Increments 1, 2, and 3 is largely dependent on the performance of
the existing systems that are to be interfaced to form it. For example,
US- VISIT system availability and associated downtime will be constrained
by the availability of the interfaced systems. In this regard, some of the
existing systems have known problems that could limit US- VISIT
performance. For example:

 Recent reports have identified problems with the availability and
reliability of SEVIS, which is the Internet- based system designed to
manage and monitor foreign students in the United States. For example, in
April 2003, the Justice Inspector General reported that many users had
difficulty logging on to the system, and that as the volume of users grew,
the system became increasingly sluggish. 1 Other reports indicated that
university representatives complained that it was taking hours to log on
to the system and to enter a single record, or worse, that the system
accepted the record and later deleted it.

1 Statement of Glenn A. Fine, Inspector General, U. S. Department of
Justice, *Implementation of the Student and Exchange Visitor Information
System (SEVIS)* (Apr. 2, 2003).

58

Objective 3 Results

Observations: Existing Problems

 Similarly, we reported in May 2001 1 that CLAIMS 3 is unreliable; this
system contains information on foreign nationals who request benefits and
is used to process benefit applications other than naturalization.
Specifically, we reported that INS officials stated that CLAIMS 3 was
frequently unavailable and did not always update and store important case
data when field offices transferred data from the local CLAIMS 3 system to
the mainframe computer.

1 U. S. General Accounting Office, Immigration Benefits: Several Factors
Impede Timeliness of Application Processing , GAO- 01- 488 (Washington, D.
C.: May 4, 2001).

59

Objective 3 Results

Observations: Governance

f. Governance structure is not established. Our experience shows that one
key to successfully implementing large and complex modernization programs
that involve multiple organizations, such as USVISIT, is to have an
executive body, composed of representatives from each stakeholder
organization, to guide and direct the program. Among other things, this
body should (1) be formally chartered, (2) include representatives that
are empowered to make and enforce decisions and commit resources for their
respective organizations, and (3) be responsible and accountable for the
program progress and outcomes.

The US- VISIT program is governmentwide in scope, involving multiple
departments and agencies. However, it is not currently being guided and
directed by a governance structure that reflects this program scope.
Instead, the program relies on a combination of

 the DHS Investment Review Board (IRB), which is the department*s
chartered investment decisionmaking body, made up of senior leadership
from the department, and

60

Objective 3 Results

Observations: Governance

 an integrated project team representing many US- VISIT stakeholder
organizations (e. g., Customs and Border Protection, the Transportation
Security Administration, and the State Department).

However, the IRB*s chartered mission and authority governs only DHS
activities, and does not govern non- DHS, stakeholder activities, such as
issuing visas and passports, and the integrated project team does not
include stakeholder representatives who can personally commit resources
and make and enforce decisions for their respective organizations.
Moreover, according to the US- VISIT Program Director, who heads the
integrated project team, the integrated project team*s role is basically
to advise the US- VISIT program office.

The Under Secretary for Transportation and Border Security, who is a
member of the department*s IRB, is assigned responsibility and
accountability for program governance. However, the Program Director
stated that a governance body with appropriate representation from all
relevant program stakeholder organizations would benefit the program.
Until such a body is established to address important crosscutting issues,
such as operational decisions and resource needs, US- VISIT is at risk of
not delivering promised system capabilities and benefits on time and
within budget.

61

Objective 3 Results

Observations: Program Management

g. Program management capability is not implemented. Our experience with
major modernization programs, like US- VISIT, shows that they should be
managed as a formal program, which includes establishing a program office
that is (1) adequately staffed (numbers and skill levels), (2) grounded in
clearly defined roles and responsibilities, and (3) supported by rigorous
and disciplined acquisition management processes.

DHS established a US- VISIT program office in June 2003, 1 and recently
determined this office*s staffing needs to be 115 government and 117
contractor personnel (in all) to perform key acquisition management
functions. The Software Engineering Institute*s Software Acquisition
Capability Maturity Model (SA- CMM (R) ) 2 has defined a suite of key
acquisition process areas that are necessary to manage the system
acquisition program in a rigorous and disciplined fashion. These process
areas include acquisition planning, requirements development and
management, project management, solicitation, contract tracking and
oversight, evaluation, and transition to support. 1 The predecessor
program office for the entry exit program was established within the
former INS in March 2002.

2 Carnegie Mellon Software Engineering Institute, Software Acquisition
Capability Maturity Model , Version 1.03 (March 2002).

62

Objective 3 Results

Observations: Program Management

As of July 10, 2003, the US- VISIT program*s staffing levels were far
below DHS*s stated needs. Specifically, the US- VISIT program officials
stated that the program office has 10 staff within the program office and
another 6 staff that are working closely with them. Moreover, specific
roles and responsibilities have not been defined beyond general
statements. Further, plans and associated time frames for achieving needed
staffing levels and defining roles, responsibilities, and relationships
have not yet been defined. According to the Program Director, positions
are to be filled with detailees from various DHS component organizations.
Positions are also to be filled with full- time equivalent slots from
other DHS components that are not currently filled.

Additionally, while the approved program office structure (see slide 65)
provides for positions to perform the SA- CMM (R) key process areas,
including acquisition planning, requirements development and management,
project management, and contract tracking and oversight, none of the
process areas have been defined and implemented. In the interim, the
program office is relying on the knowledge and skills of existing program
office staff to execute these important acquisition functions.

63

Objective 3 Results

Observations: Program Management

According to the Program Director, needed program staffing and key process
areas are not yet in place because the program is only now getting off the
ground, and it will take time to establish a fully functioning and capable
program management capability. Until the program office is adequately
staffed, positional roles and responsibilities are clearly defined and
understood, and rigorous and disciplined acquisition process controls are
defined, understood, and followed, DHS*s ongoing efforts to acquire,
deploy, operate, and maintain system capabilities will be at risk of not
producing promised performance levels, functionality, and associated
benefits on time and within budget.

The graphic on the next page shows the US VISIT program management
structure. 64

Objective 3 Results

Observations: Program Management Approved US- VISIT Program Management
Structure

1 A geographic information system (GIS) is a system of computer software,
hardware, and data used to manipulate, analyze, and graphically present a
potentially wide array of information associated with geographic
locations.

65

Objective 3 Results

Observations: Operational Context

h. Operational context is unsettled. To effectively define, establish, and
implement a program (particularly one that involves restructuring and
reengineering the use of people, processes, technology, and facilities
from physically and culturally divergent organizations), it is essential
that the program be aligned with a common blueprint, or frame of
reference, governing key aspects of program operations* e. g., what
functions are to be performed by whom, when and where they are to be
performed, what information is to be used to perform them, and what rules
and standards will govern the application of technology to support them.
Such a frame of reference is referred to as an enterprise architecture
(EA). In brief, an EA defines the operations of an enterprise, such as
DHS, in both business terms (e. g., policies, processes, information,
locations) and technical terms (e. g., hardware and software standards).
It also provides these operational definitions for both the *as is* state
and the *to be* state, and it includes a transition plan for moving
between the two.

66

Objective 3 Results

Observations: Operational Context

The operational context, or EA, within which US- VISIT is to exist has not
been defined. Currently, DHS is developing an EA and reports that it is to
be completed by October 2003. If developed effectively, the department*s
EA should provide the operational context necessary to effectively define,
establish, and make operational US VISIT.

In the absence of an EA, certain policy and standards information that is
necessary to effectively define, establish, and implement the US- VISIT
program is not yet available. In particular, policy decisions have not
been made governing (1) whether official travel documents will be required
for all persons who enter and exit the country, including U. S. and
Canadian citizens, and (2) whether biometrics will be captured and used
for all persons entering and exiting the country, including U. S. and
Canadian citizens. Some of these policy decisions may necessitate changes
to existing laws and regulations.

Similarly, certain technology standards, such as the number of
fingerprints to be collected, are only now emerging, with a tentative
agreement to use two fingerprints and plans to migrate to eight prints for
enrollment. Also, the specific processes have yet to be defined (e. g.,
entry and exit procedures and border personnel roles and responsibilities
relative to implementation of the procedures).

67

Objective 3 Results

Observations: Operational Context

Because this operational context is unsettled and unclear, the program
office is making certain assumptions and decisions necessary to meet near-
term deadlines, such as the use of a two- fingerprint biometric, and
adoption of border crossing processes that will implement planned system
capabilities in whatever way needed to avoid (1) requiring additional
facilities and personnel for Increment 1 and (2) increasing wait times for
traffic crossings. If these assumptions and decisions are not aligned with
DHS*s EA, then near- term investments in systems and associated process
will need to be reworked or replaced. Moreover, the mission value of the
planned system capabilities that are actually implemented (made
operational) at the border could be minimal. For example, inspectors may
have to limit their use of installed system capabilities (such as those
for capturing biometrics) to prevent traffic delays.

Unless DHS can coordinate its plans for developing its EA (and thus
providing a clear operational context) with its near- term implementation
plans for US VISIT, the department is increasing its near- term risk of
defining, establishing, and implementing a program and supporting system
that will not cost- effectively meet mission needs.

68

Objective 3 Results

Observations: Near- Term Facilities

I. Near- term facilities solutions pose challenges. According to DHS
officials, DHS*s existing facilities do not adequately support the current
entry exit process at land POEs. In particular, more than 100 land POEs
have less than 50 percent of the required capacity to support current
inspection processes and traffic levels. 1 As a result, as part of US
VISIT (increment 2), DHS plans to construct interim facilities at about 40
of the 50 highest volume land POEs by December 31, 2004, and construct
interim facilities at the remaining portion of the 50 by February 2005. To
accomplish this, DHS plans to begin awarding design contracts in August
2003, and construction contracts in February 2004.

1 Data Management Improvement Act Task Force, First Annual Report to
Congress (Washington, D. C.: December 2002).

69

Objective 3 Results

Observations: Near- Term Facilities

According to DHS officials, the department plans to design and construct
interim facilities to (1) support the US- VISIT inspection process,
technology, and staff requirements; and (2) meet current traffic wait time
requirements at each land POE. To plan for the design and construction of
interim facilities that meet these requirements, DHS is modeling various
inspection process and facilities scenarios to define what inspection
process to follow and what interim facilities to construct. DHS officials
told us that preliminary modeling exercises show that 3-, 6-, and 9-
second incremental increases in average inspection times at some high
volume land POEs can significantly increase average wait times at these
POEs. For example, peak wait time at the Blaine Peace Arch POE in
Washington could increase by more than 11 hours if the average inspection
increased by 9 seconds.

The modeling exercise was based on two key assumptions: (1) the current
staffing level and (2) the current number of inspection booths staffed for
each POE. (see figure on next slide for modeling results at six POEs).

70

Objective 3 Results

Observations: Near- Term Facilities High- Volume Ports Maximum Vehicle
Wait Time as a Function of Added Inspection Time

71

Objective 3 Results

Observations: Near- Term Facilities

At this point, DHS officials told us that they are planning to satisfy
interim facilities constraints and requirements by installing temporary
booths on existing traffic lanes and employing additional inspectors at
some of the highest volume land POEs. 1 However, they also stated that the
high traffic volumes and urban locations of some land POEs will make
meeting US- VISIT constraints and requirements challenging, even on an
interim basis. Moreover, given existing facilities constraints, developing
interim facilities plans without defined inspection process, staff, and
technology requirements introduces considerable uncertainty and risk that
resources invested in interim facilities may not fully satisfy constraints
and requirements and may not be useful in the design and construction of
permanent facilities.

1 At this point, DHS is not planning to acquire additional land for
interim facilities at land ports of entry. 72

Objective 3 Results

Observations: Value of First Increment

j. Mission value of first increment is currently unknown. OMB Circular
Number A- 11, part 3, requires that investments in major systems be
implemented incrementally, with each increment delivering tangible and
measurable benefits. Incremental investment involves justifying investment
in each increment on the basis of benefits, costs, and risks.

DHS is pursuing US- VISIT incrementally, but it has not defined the
specific benefits to be provided by Increment 1.

 The expenditure plan states that Increment 1 will provide *immediate
benefits,* but it does not describe them. Instead, it describes
capabilities to be provided, such as the ability to determine whether a
foreign national should be admitted and perform checks against watch
lists. It does not describe in meaningful terms the benefits that are to
result from implementation of these capabilities (e. g., X percent
reduction in inspection times or Y percent reduction in false positive
matches against watch lists).

73

Objective 3 Results

Observations: Value of First Increment

 In fact, because DHS has not yet defined the processes that are to
govern the extent to which planned Increment 1 system capabilities will be
implemented (as discussed previously), and because these processes are to
be constrained by existing facilities and personnel and are not to result
in increases in wait times for traffic crossings, it is not possible at
this point to reliably project tangible and measurable Increment 1 mission
benefits.

The expenditure plan also does not identify the estimated cost of
Increment 1. The Program Director told us that the $375 million requested
in the plan includes not only all the funding required for Increment 1,
but also funding for later increments. However, the plan does not separate
the funds by increment, and program officials did not provide this
information.

To DHS*s credit, the expenditure plan does identify certain program risks,
such as not having established clear decision authorities for policy and
other operational questions and schedule slippage due to the aggressive
milestones. However, it has yet to address how these risks will be
mitigated, and the extent to which the status of program risks that are
deemed *high impact/ high probability of occurrence* will be disclosed to
program executives.

74

Objective 3 Results

Observations: Value of First Increment

In February 2003, DHS developed a benefits and cost analysis for the
former entry exit program. However, this analysis had limitations, such as
an absence of meaningful benefit descriptions, and program officials
acknowledged that it is out of date and is not reflective of current US-
VISIT plans. According to these officials, an updated analysis will be
prepared; however, a date and plan for doing so has not been set.

Without a reliable understanding of whether Increment 1 will produce
mission value commensurate with costs and whether known risks can be
effectively mitigated, DHS is investing in and implementing a near- term
solution that is not adequately justified.

75

Conclusions The fiscal year 2003 US- VISIT expenditure plan (with related
program office documentation and representations) either partially
satisfies or provides for satisfying the legislative conditions imposed by
Congress.

The US- VISIT program leadership has expressly committed to developing and
implementing the program acquisition management capabilities and the
expenditure plan content described in our open recommendations. However,
much remains to be accomplished before these recommendations are fully
implemented.

By definition, US- VISIT is a risky undertaking because it is to perform a
critical mission, its scope is large and complex, it must meet a demanding
implementation schedule, and its potential cost is enormous. Generally,
these risk factors are inherent to the program and cannot be easily
changed.

76

Conclusions However, compounding these inherent risk factors are a number
of others that are attributable to the program*s current state of
governance and management and its acquisition approach. These include
relying on existing systems to provide the foundation for the first three
program increments (and thus having to accept the performance limitations
of these existing systems), not having a governance structure to guide and
direct the program office, not having a mature program management
capability, not having stabilized the operational context within which the
program is to operate (and thus having to make assumptions about this
context), not having fully defined near- term facilities solutions, and
not knowing the mission value that is to be derived from the first US-
VISIT increment.

Because of all these risk factors, the ability of US- VISIT to measurably
and appreciably achieve DHS*s stated goals of facilitate legitimate travel
and trade, enhance national security, and adhere to U. S. privacy laws and
policies is uncertain. Moreover, DHS*s near- term investment in the
program is at risk of not delivering promised capabilities on time and
within budget, and not producing mission value commensurate with
investment costs. Thus, it is imperative that the factors that contribute
to this level of risk are addressed thoroughly and expeditiously.

77

Recommendations for Executive Action To address US- VISIT as a
governmentwide program and to minimize the risks facing the program, we
recommend that the Secretary of Homeland Security, in collaboration with
cabinet officials from US- VISIT stakeholder departments and agencies,

 establish and charter an executive body, chaired by the Secretary*s
designee, potentially co- chaired by the leadership from key stakeholder
departments and agencies, and composed of appropriate senior- level
representatives from DHS and each stakeholder organization, to guide and
direct the US- VISIT program; and

 direct this executive body to immediately take steps to (1) ensure that
the human capital and financial resources are expeditiously provided to
establish a fully functional and effective US- VISIT program office and
associated management capability, (2) clarify the operational context
within which USVISIT must operate, and (3) decide whether proposed US-
VISIT increments will produce mission value commensurate with costs and
risks and disclose to the Congress planned actions based on this body*s
decisions.

78

Recommendations Further, we recommend that the Secretary, through the
Under Secretary for Border and Transportation Security, direct the US-
VISIT Program Director to expeditiously establish an effective program
management capability, including immediately

 defining program office positional roles, responsibilities, and
relationships;  developing and implementing a human capital strategy that
provides for

staffing these positions with individuals who have the requisite core
competencies (knowledge, skills, and abilities);

 developing and implementing a plan for satisfying key SEI acquisition
management controls, to include acquisition planning, solicitation,
requirements development and management, project management, contractor
tracking and oversight, evaluation, and transition to support;

 developing and implementing a risk management plan and ensuring that all
high risks and their status are reported regularly to the executive body;

79

Recommendations  defining performance standards for each US- VISIT system
increment that are

measurable and reflect the limitations imposed by relying on existing
systems to form these system increments; and

 developing an analysis of incremental program cost, benefits, and risks,
and providing this analysis to the executive body, to assist it in the
body*s deliberations and decision- making.

80

Agency Comments We provided DHS a draft of this briefing and discussed its
contents with the USVISIT Program Director and Deputy Director. In its
oral comments, DHS agreed with our findings, conclusions, and
recommendations. The department also provided some technical comments,
which we have incorporated into the briefing, as appropriate. Further, the
US- VISIT Program Director stated that our work was very helpful to him
and to the program.

81

Attachment I

Legislative History Legislation Key requirements

Illegal Immigration By September 30, 1998, the Attorney General shall
develop an automated entry exit control

Reform and Immigrant system that*

Responsibility Act of (1) collects a record of departure for every alien
departing the United States and matches it with

1996 the corresponding arrival record and

P. L. 104- 208 (2) identifies, through on- line searching procedures,
lawfully admitted aliens who overstay their

September 30, 1996 visas.

Overstay information identified through the system shall be integrated
into appropriate databases of the Immigration and Naturalization Service
(INS) and the Department of State, including those used at ports of entry
and at consular offices. Notwithstanding any other provision of federal,
state, or local law, a federal, state, or local government entity or
official may not prohibit or in any way restrict any government entity or
official from sending to or receiving from INS information regarding the
citizenship or immigration status, lawful or unlawful, of any individual.
INS Data Management

For the purposes of this section, the term *integrated entry and exit data
system* means an Improvement Act of

electronic system that* 2000

(1) provides access to, and integrates, alien arrival and departure data
that are (a) authorized or P. L. 106- 215

required to be created or collected under law; (b) in an electronic
format; and (c) in a database June 15, 2000

of the Department of Justice or the Department of State, including those
created or used at ports of entry and at consular offices; (2) uses
available data described above to produce a report of arriving and
departing aliens by country of nationality, classification as an immigrant
or nonimmigrant, and date of arrival in and departure from the United
States; (3) matches an alien*s available arrival data with the alien*s
available departure data; (4) identifies, through on- line searching
procedures, lawfully admitted nonimmigrants who may have remained in the
United States beyond the period authorized by the Attorney General; and

82

Attachment I

Legislative History Legislation Key requirements

INS Data Management (5) otherwise uses available alien arrival and
departure data described in paragraph (1) above

Improvement Act of to permit the Attorney General to make the reports
required under 8 U. S. C. section 1365a( e):

2000  Number of departure records collected, with an accounting by
nationality.

P. L. 106- 215  Number of departure records that were successfully
matched to records of arrival, with an

June 15, 2000 accounting by nationality and classification as an immigrant
or nonimmigrant.

(cont*d)  Number of aliens who arrived pursuant to a nonimmigrant visa,
or the Visa Waiver Program,

for whom no matching departure data have been obtained through the system
or by other means as of the end of the alien*s authorized period of stay,
with an accounting by nationality and arrival date in the United States. 
Number of lawfully admitted nonimmigrants identified as visa overstays,
with an accounting by

nationality. The Attorney General shall implement the integrated entry
exit system at airports and seaports by December 31, 2003. System
requirements:  include available arrival/ departure data,  ensure that
the arrival/ departure data, when collected or created by an immigration
officer, are

entered into the system and can be accessed by other officers at other
air/ seaports. The Attorney General must implement the system at the 50
busiest land border ports of entry by December 31, 2004. System
requirements:  Same as specified above  Arrival/ departure data on
aliens shall be accessible at other high- traffic land border ports of

entry. The system shall be fully implemented at all remaining ports of
entry by December 31, 2005.

83

Attachment I

Legislative History Legislation Key requirements

Visa Waiver Permanent Not later than October 1, 2001, the Attorney General
shall develop and implement a fully automated

Program Act entry exit control system that will collect a record of
arrival and departure for every alien who arrives

P. L. 106- 396 and departs by sea or air at a port of entry in the United
States and is provided a waiver. Not later

than October 1, 2002, the system shall enable immigration officers
conducting inspections at ports October 30, 2000

of entry to obtain from the system, with respect to aliens seeking a
waiver, (1) any photograph of the alien that may be contained in the
records of the State Department or INS; and (2) information on whether the
alien has ever been determined to be ineligible to receive a visa or be
admitted to the United States. The system shall maintain, for a minimum of
10 years, information about each application for admission made by an
alien seeking a waiver. On and after October 1, 2007, the alien at the
time of application for admission must have a valid unexpired machine-
readable passport that satisfies the internationally accepted standard for
machine readability. Countries designated to participate before May 1,
2000, shall issue machine- readable passports no later than October 1,
2003. All Visa Waiver Program (VWP) applicants are to be checked against
lookout systems. By October 1, 2002, no waiver may be provided to an alien
arriving by air or sea at a port of entry on a carrier unless the carrier
is electronically transmitting passenger data to the entry exit system.
Not less than 1 hour before arrival at port of entry, signatory aircraft
transporting VWP aliens must electronically furnish the passenger data
required by the Attorney General in regulations. The system shall contain
sufficient data to permit the Attorney General to calculate, for each
program country and each fiscal year, the portion of nationals of that
country who arrive under VWP at air and sea ports of entry but for whom no
record of departure exists, expressed as a percentage of the total number
of such VWP aliens for the particular country.

84

Attachment I

Legislative History Legislation Key requirements

USA PATRIOT ACT Focus of system development shall be on (a) utilization of
biometric technology and (b) tamper

P. L. 107- 56 resistant documents readable at ports of entry.

October 26, 2001 The system must be accessible to (a) all consular
officers responsible for visa issuance, (b) all

federal inspection agents at all U. S. border inspection points, and (c)
all law enforcement and intelligence officers responsible for
investigation or identification of aliens. The entry exit system must be
able to interface with law enforcement databases to be used by federal law
enforcement to identify and detain individuals who pose a threat to the
national security of the United States

Aviation and (1) Not later than 60 days after the date of enactment, each
air carrier and foreign air carrier

Transportation Security operating a passenger flight in foreign air
transportation to the United States shall provide to the

Act Commissioner of Customs by electronic transmission a passenger and
crew manifest containing

P. L. 107- 71 the following information:

November 19, 2001  The full name of each passenger and crew member.

 The date of birth and citizenship of each passenger and crew member. 
The sex of each passenger and crew member.  The passport number and
country of issuance of each passenger and crew member if required

for travel.  The U. S. visa number or resident alien card number of each
passenger and crew member, as

applicable.  Such other information as the Under Secretary of
Transportation for Security, in consultation with

the Commissioner of Customs, determines is reasonably necessary to ensure
aviation safety. Carriers may use the advanced passenger information
system established under section 431 of the Tariff Act of 1930 (19 U. S.
C. 1431) to provide the information required by the preceding sentence.

85

Attachment I

Legislative History Legislation Key requirements

Aviation and (2) Passenger name records* The carriers shall make passenger
name record information

Transportation Security available to the Customs Service upon request.

Act (3) Transmission of manifest* a passenger and crew manifest required
for a flight under paragraph

P. L. 107- 71 (1) above shall be transmitted to the Customs Service in
advance of the aircraft landing in the

November 19, 2001 United States in such manner, time, and form as the
Customs Service prescribes.

(cont*d) (4) Transmission of manifests to other federal agencies* Upon
request, information provided to the

Under Secretary or the Customs Service under this subsection may be shared
with other federal agencies for the purpose of protecting national
security. Enhanced Border

No later than October 26, 2004, the Secretary of State and the Attorney
General shall issue to Security and Visa Entry

aliens only machine- readable, tamper- resistant visas and other travel
and entry documents that use Reform Act of 2002

biometrics. In addition to the requirement for biometric identifiers,
name- search capacity and P. L. 107- 173

support must also be implemented between 18 months and 4.5 years after the
date of enactment. May 14, 2002

Not later than October 26, 2004, the Attorney General and Secretary of
State shall install at all U. S. ports of entry equipment and software to
allow biometric comparison and authentication of all U. S. visas and other
travel and entry documents issued to aliens. Not later than January 1,
2003, arrival and departure manifests must be electronically provided to
appropriate immigration officers for each passenger (including crew
members and any other occupants) of air and sea carriers at port of entry.
The information to be provided with respect to each person listed on a
manifest shall include (1) complete name; (2) date of birth; (3)
citizenship; (4) sex; (5) passport number and country of issuance; (6)
country of residence; (7) U. S. visa number, date, and place of issuance,
where applicable; (8) alien registration number, where applicable; (9) U.
S. address while in the United States; and (10) such other information
that the Attorney General, in consultation with the Secretaries of State
and the Treasury, determines as being necessary for the identification of
the persons transported and for the enforcement of the immigration laws
and to protect safety and national security.

86

Attachment II

Scope and Methodology

To accomplish our objectives, we  analyzed the expenditure plan against
legislative conditions and other relevant

federal requirements, guidance, and best practices to determine the extent
to which the conditions were met;

 analyzed supporting documentation and interviewed program officials to
determine capabilities in key program management areas, such as
acquisition planning, enterprise architecture, and project management;

 analyzed key acquisition management controls documentation and
interviewed program officials to determine the status of our open
recommendations;

 attended program working group meetings; and  assessed DHS*s plans and
ongoing and completed actions to establish and

implement the US- VISIT program (including acquiring the US- VISIT system,
expanding and modifying existing port of entry facilities, and developing
and implementing policies and procedures) and compared them to existing
guidance to assess risks.

87

Attachment II

Scope and Methodology

We did not independently validate DHS*s provided information. We conducted
our work at DHS headquarters in Washington, D. C., from April through July
2003 in accordance with generally accepted government auditing standards.

88

Comments from the Department of Homeland

Appendi x II Security

(310266)

a

GAO United States General Accounting Office

DHS*s fiscal year 2003 US- VISIT expenditure plan and related
documentation partially satisfied the conditions imposed by the Congress,
which include meeting the capital planning and investment control review
requirements of the Office of Management and Budget (OMB). For example,
DHS fulfilled the OMB requirement that agencies state whether projects are
approved by investment review boards and reviewed by Chief Financial and
Procurement Officers; the plan was conditionally approved by DHS*s review
board, which

includes DHS*s Chief Financial and Procurement Officers. On the other
hand, OMB guidance requires that agency plans summarize life cycle costs
and include a cost/ benefit analysis that covers return on investment. DHS
has not yet established a date and plan for developing these for US-
VISIT, although program officials stated that they intend to do so. GAO
also identified 10 factors (see figure) affecting US- VISIT and concluded

that the program is a very risky endeavor. Some risk factors are inherent
to the program, such as its mission criticality, its size and complexity,
and its enormous potential costs. Others, however, arise from the
program*s

relatively immature state of governance and management. For example,
although the program has governmentwide scope, an accountable governance
structure to direct and oversee the program that reflects this scope is
not yet established. In addition, a US- VISIT program management
capability has yet to be established, important aspects defining the
program*s operating environment are not decided, facility needs are
unclear and challenging, and the mission value to be derived from the
program*s

initial operating capability is unknown. Because of the risk factors, GAO
concluded that it is uncertain that US- VISIT will be able to measurably
and appreciably achieve DHS*s stated goals for the program. Further, DHS*s
near- term investment in the program is at risk of not delivering promised
capabilities on time and within budget and not producing mission value
commensurate with investment costs. Factors That Collectively Make US-
VISIT a Risky Endeavor

The Department of Homeland Security (DHS) plans to establish a program to
strengthen management of the pre- entry, entry, status, and exit of
foreign

nationals who travel to the United States. The goals of the program, known
as the United States Visitor and Immigrant Status Indicator Technology
(US- VISIT), are to facilitate legitimate trade and travel, enhance
national security, and adhere to U. S. privacy laws and policies. By
congressional mandate, DHS is to develop and submit for approval an
expenditure plan for US- VISIT that satisfies

certain conditions, including being reviewed by GAO. GAO was asked to
determine, among other things, whether the plan satisfies these

conditions and to provide observations about the plan and DHS*s management
of the program.

GAO is making a number of recommendations to the Secretary of DHS aimed at
minimizing the risks facing US- VISIT, including (1) establishing an
executive body, composed of appropriate stakeholder representatives, to
guide and direct the program, be held accountable for the program*s

progress and outcomes, and address key program issues and make associated
decisions and (2) taking steps to establish an

effective program management capability. DHS concurred with our
recommendations and stated that it has made progress toward addressing
them.

www. gao. gov/ cgi- bin/ getrpt? GAO- 03- 1083 To view the full product,
including the scope and methodology, click on the link above. For more
information, contact Randolph C. Hite at (202) 512- 3439 or hiter@ gao.
gov. Highlights of GAO- 03- 1083, a report to

Subcommittees on Homeland Security, Senate and House Committees on
Appropriations

September 2003

HOMELAND SECURITY

Risks Facing Key Border and Transportation Security Program Need to Be
Addressed

Page i GAO- 03- 1083 Homeland Security

Contents

Page ii GAO- 03- 1083 Homeland Security

Page 1 GAO- 03- 1083 Homeland Security United States General Accounting
Office Washington, D. C. 20548

Page 1 GAO- 03- 1083 Homeland Security

A

Page 2 GAO- 03- 1083 Homeland Security

Page 3 GAO- 03- 1083 Homeland Security

Page 4 GAO- 03- 1083 Homeland Security

Page 5 GAO- 03- 1083 Homeland Security

Page 6 GAO- 03- 1083 Homeland Security

Page 7 GAO- 03- 1083 Homeland Security

Page 8 GAO- 03- 1083 Homeland Security

Page 9 GAO- 03- 1083 Homeland Security

Appendix I

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 10 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 11 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 12 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 13 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 14 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 15 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 16 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 17 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 18 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 19 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 20 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 21 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 22 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 23 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 24 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 25 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 26 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 27 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 28 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 29 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 30 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 31 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 32 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 33 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 34 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 35 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 36 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 37 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 38 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 39 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 40 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 41 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 42 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 43 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 44 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 45 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 46 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 47 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 48 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 49 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 50 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 51 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 52 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 53 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 54 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 55 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 56 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 57 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 58 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 59 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 60 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 61 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 62 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 63 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 64 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 65 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 66 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 67 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 68 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 69 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 70 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 71 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 72 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 73 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 74 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 75 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 76 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 77 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 78 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 79 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 80 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 81 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 82 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 83 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 84 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 85 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 86 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 87 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 88 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 89 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 90 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 91 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 92 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 93 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 94 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 95 GAO- 03- 1083 Homeland Security

Appendix I Briefing to the Staffs of the Subcommittees on Homeland
Security, Senate and House Committees on Appropriations

Page 96 GAO- 03- 1083 Homeland Security

Page 97 GAO- 03- 1083 Homeland Security

Appendix II

Appendix II Comments from the Department of Homeland Security

Page 98 GAO- 03- 1083 Homeland Security

GAO*s Mission The General Accounting Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in meeting its
constitutional responsibilities

and to help improve the performance and accountability of the federal
government for the American people. GAO examines the use of public funds;
evaluates federal programs and policies; and provides analyses,
recommendations, and other assistance to help Congress make informed
oversight, policy, and funding decisions. GAO*s commitment to good
government is reflected in its core values of accountability, integrity,
and reliability.

Obtaining Copies of GAO Reports and Testimony

The fastest and easiest way to obtain copies of GAO documents at no cost
is through the Internet. GAO*s Web site (www. gao. gov) contains abstracts
and fulltext files of current reports and testimony and an expanding
archive of older products. The Web site features a search engine to help
you locate documents using key words and phrases. You can print these
documents in their entirety, including charts and other graphics.

Each day, GAO issues a list of newly released reports, testimony, and
correspondence. GAO posts this list, known as *Today*s Reports,* on its
Web site daily. The list contains links to the full- text document files.
To have GAO e- mail this

list to you every afternoon, go to www. gao. gov and select *Subscribe to
e- mail alerts* under the *Order GAO Products* heading. Order by Mail or
Phone The first copy of each printed report is free. Additional copies are
$2 each. A check

or money order should be made out to the Superintendent of Documents. GAO
also accepts VISA and Mastercard. Orders for 100 or more copies mailed to
a single address are discounted 25 percent. Orders should be sent to:

U. S. General Accounting Office 441 G Street NW, Room LM Washington, D. C.
20548 To order by Phone: Voice: (202) 512- 6000 TDD: (202) 512- 2537 Fax:
(202) 512- 6061

To Report Fraud, Waste, and Abuse in Federal Programs

Contact: Web site: www. gao. gov/ fraudnet/ fraudnet. htm E- mail:
fraudnet@ gao. gov Automated answering system: (800) 424- 5454 or (202)
512- 7470

Public Affairs Jeff Nelligan, Managing Director, NelliganJ@ gao. gov (202)
512- 4800 U. S. General Accounting Office, 441 G Street NW, Room 7149
Washington, D. C. 20548

United States General Accounting Office Washington, D. C. 20548- 0001
Official Business Penalty for Private Use $300 Address Service Requested

Presorted Standard Postage & Fees Paid

GAO Permit No. GI00
*** End of document. ***