Homeland Security: Management and Programmatic Challenges Facing 
the Department of Homeland Security (10-MAY-07, GAO-07-833T).	 
                                                                 
The Department of Homeland Security (DHS) plays a key role in	 
leading and coordinating--with stakeholders in the federal,	 
state, local, and private sectors--the nation's homeland security
efforts. GAO has conducted numerous reviews of DHS management	 
functions as well as programs including transportation and border
security, immigration enforcement and service delivery, and	 
disaster preparation and response. This testimony addresses: (1) 
why GAO designated DHS's implementation and transformation as a  
high-risk area, (2) specific management challenges that DHS	 
continues to face, (3) examples of the program challenges that	 
DHS faces, and (4) actions DHS should take to strengthen its	 
implementation and transformation efforts.			 
-------------------------Indexing Terms------------------------- 
REPORTNUM:   GAO-07-833T					        
    ACCNO:   A69452						        
  TITLE:     Homeland Security: Management and Programmatic Challenges
Facing the Department of Homeland Security			 
     DATE:   05/10/2007 
  SUBJECT:   Accountability					 
	     Agency evaluation					 
	     Agency missions					 
	     Emergency preparedness				 
	     Federal agency reorganization			 
	     Financial management				 
	     Homeland security					 
	     Information technology				 
	     Internal controls					 
	     Procurement planning				 
	     Program management 				 
	     Risk assessment					 
	     Risk management					 
	     Strategic planning 				 
	     Program implementation				 
	     GAO High Risk Series				 

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Product.                                                 **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************
GAO-07-833T

   

     * [1]Summary
     * [2]Background
     * [3]DHS's Transformation
     * [4]DHS Must Address Key Management Challenges

          * [5]DHS Transformation and Integration
          * [6]Financial Management and Internal Controls
          * [7]Information Technology
          * [8]Human Capital Systems
          * [9]Acquisition Management

     * [10]Programmatic Challenges Facing DHS

          * [11]Transportation Security
          * [12]Coast Guard Acquisitions and Non-Homeland Security Missions
          * [13]Border Security and the Regulation of Trade
          * [14]Enforcement of Immigration Laws
          * [15]Provision of Immigration Services
          * [16]Disaster Preparedness and Response

     * [17]Actions Needed to Strengthen DHS's Transformation and Integr
     * [18]Contacts and Acknowledgements
     * [19]Implementing and Transforming the Department of Homeland Sec

          * [20]Implementation and Transformation
          * [21]Financial Management and Internal Controls
          * [22]Information Technology
          * [23]Human Capital Systems
          * [24]Acquisition Management
          * [25]Transportation Security
          * [26]Coast Guard Acquisitions and Non-Homeland Security Missions
          * [27]Border Security and the Regulation of Trade
          * [28]Enforcement of Immigration Laws
          * [29]Provision of Immigration Services
          * [30]Disaster Preparedness and Response

     * [31]GAO's Mission
     * [32]Obtaining Copies of GAO Reports and Testimony

          * [33]Order by Mail or Phone

     * [34]To Report Fraud, Waste, and Abuse in Federal Programs
     * [35]Congressional Relations
     * [36]Public Affairs

Testimony Before the Subcommittee on Oversight of Government Management,
the Federal Workforce, and the District of Columbia, Senate Committee on
Homeland Security and Governmental Affairs

United States Government Accountability Office

GAO

For Release on Delivery
Expected at 9:00 a.m. EDT
Thursday, May 10, 2007

HOMELAND SECURITY

Management and Programmatic Challenges Facing the Department of Homeland
Security

Statement of David M. Walker Comptroller General of the United States U.S.
Government Accountability Office

GAO-07-833T

Mr. Chairman and Members of the Subcommittee:

I appreciate the opportunity to appear before the subcommittee to address
management and programmatic challenges facing the Department of Homeland
Security (DHS). I have spoken extensively about the fiscal crisis our
nation faces with the coming retirement of the baby boom generation and
the related growth in entitlement spending. The current financial
condition in the United States is worse than is widely understood and is
not sustainable. Meeting the long-term fiscal challenge will require (1)
significant entitlement reform to change the path of those programs; (2)
reprioritizing, restructuring and constraining other spending programs;
and (3) additional revenues--such as through a reformed tax system. These
efforts will require bipartisan cooperation and compromise.

Irrespective of our fiscal situation, it is important for federal
departments--including DHS--to operate as efficiently and effectively as
possible in carrying out their missions. At the same time, we also face
new and uncertain threats to our security, both overseas and at home, that
require continued attention. Without this focus, the consequences can be
catastrophic. We designated the implementation and transformation of DHS
as a high-risk area in 2003 and continued that designation in our 2005
update. In my testimony today, I will explain why we decided to maintain
this area on our 2007 high risk list, focusing on four areas:

           o why we originally designated DHS's implementation and
           transformation as a high-risk area,
           o specific management challenges that DHS continues to face,
           o examples of the program challenges that DHS faces, and
           o actions DHS should take to strengthen its implementation and
           transformation efforts.

My comments today are based on our wide-ranging work on DHS since the 2005
high-risk update, as well as our institutional knowledge of homeland
security and various government organizational and management issues. We
conducted our work in accordance with generally accepted government
auditing standards. A listing of GAO reports related to the
transformation, management, and program challenges discussed in this
statement are contained in Appendix 1.

Summary

We first designated DHS's implementation and transformation as high risk
in 2003 because 22 disparate agencies had to transform and integrate into
one department. Many of these individual agencies were facing their own
management and mission challenges. But most importantly, the failure to
effectively address DHS's management challenges and program risks could
have serious consequences for our homeland security as well as our
economy. We kept the DHS implementation and transformation on the
high-risk list in 2005 because serious transformation challenges continued
to hinder DHS's success. Since then, our and the DHS Inspector General's
(IG) reports have documented DHS's progress and remaining challenges in
transforming into an effective, integrated organization. For example, in
the management area, DHS has developed a strategic plan, is working to
integrate some management functions, and has continued to form necessary
partnerships to achieve mission success. Despite these efforts, however,
DHS implementation and transformation remain on the 2007 high-risk list
because numerous management challenges continue to exist. For example,

           o Although DHS has issued guidance and plans to assist management
           integration on a function by function basis, DHS lacks a
           comprehensive management integration strategy with overall goals,
           timelines, and a team dedicated to support its integration
           efforts.
           o The DHS strategic plan addresses five of six Government
           Performance and Results Act required elements and takes into
           account its non-homeland security missions, such as responding to
           natural disasters. However, it had only limited consultation with
           key stakeholders, thus missing an opportunity to create a shared
           understanding of goals and priorities.
           o Several DHS programs have not developed outcome-based measures
           to assess performance.
           o While the Secretary of DHS has expressed a commitment to risk
           management, DHS has not performed comprehensive risk assessments
           in transportation, trade, critical infrastructure, or the
           immigration and customs systems to guide resource allocation
           decisions.
           o Since its creation, DHS has been unable to obtain an unqualified
           or "clean" audit opinion on its financial statements. The auditors
           continue to report material internal control weaknesses and that
           DHS's financial systems do not substantially comply with federal
           requirements. These weaknesses highlight the concern that DHS may
           not be able to account for all of its funding and resources or
           have reliable financial information for management and budget
           purposes. 
           o DHS has not institutionalized an effective strategic framework
           for information management to, among other things, guide
           technology investments, and despite some progress, DHS's human
           capital--the centerpiece of its transformation efforts--and
           acquisition systems will require continued attention to help
           prevent waste and to ensure that DHS can allocate its resources
           economically, efficiently, effectively, ethically, and equitably.

DHS has taken some actions to strengthen program activities in areas such
as cargo, transportation, and border security; Coast Guard acquisition
management; advance contracting for goods and services for disaster
preparedness; and immigration services. However, DHS continues to face a
range of programmatic and partnering challenges. To help ensure its
missions are achieved, DHS must overcome continued challenges related to:

           o strengthening cargo and passenger screening, visitor tracking,
           efforts to combat the employment of illegal aliens, and outdated
           Coast Guard asset capabilities;
           o balancing its homeland security and other missions, such as
           disaster preparedness; and
           o clearly defining leadership roles and responsibilities,
           developing necessary disaster response capabilities, and
           establishing accountability systems to provide effective services
           while protecting against waste, fraud, and abuse at the Federal
           Emergency Management Agency (FEMA).

To be removed from GAO's high-risk list,1 agencies must do three things.
First, they have to produce a corrective action plan that defines the root
causes of identified problems, identifies effective solutions to those
problems, and provides for substantially completing corrective measures in
the near term. Such a plan should include performance metrics and
milestones, as well as mechanisms to monitor progress. In the spring of
2006, DHS provided us with a draft corrective action plan that did not
contain key elements we have identified as necessary for an effective
corrective action plan, including specific actions to address identified
objectives. As of May 2007, DHS has not submitted a corrective action plan
to OMB. According to OMB, this is one of the few high-risk areas that has
not produced a final corrective action plan.

Second, agencies must demonstrate significant progress in addressing the
problems identified in their corrective action plan. To date, DHS has not
been transparent in its efforts to strengthen its management areas and
mission functions. While much of its sensitive work needs to be guarded
from improper disclosure, DHS has not been receptive towards oversight and
its delays in providing Congress and us with access to various documents
and officials have impeded the timeliness of our work. We have recently
worked with DHS management, including the Secretary and the Undersecretary
for Management, to establish a more cooperative and efficient process--for
example, reviewing sensitive documents at a particular agency location--in
an effort to not only to maintain a productive working relationship with
the department, but also to meet the needs of our congressional requesters
in a timely manner. Finally, agencies, in particular top leadership, must
demonstrate a commitment to achieve any remaining key objectives and
sustain various improvements in their performance over the long term.
Although DHS leaders have expressed their intent to integrate legacy
agencies into the new department, they have not dedicated the resources
needed to oversee this effort and have not been responsive to many
directions from Congress and recommendations from study groups and
accountability organizations like the IGs and GAO.

1GAO, Determining Performance and Accountability Challenges and High
Risks, [37]GAO-01-159SP (Washington, D.C.: Nov. 1, 2000).

While this testimony contains no new recommendations, GAO has made
numerous prior recommendations to DHS in reports addressing the issues
identified in this statement. DHS generally concurred with these
recommendations; however it is not clear to what extent these
recommendations are being implemented.

Background

In an effort to strengthen homeland security following the September 11,
2001, terrorist attacks on the United States, President Bush issued the
National Strategy for Homeland Security in July 2002 and signed
legislation creating DHS in November 2002.2 The strategy set forth the
overall objectives, mission areas, and initiatives to prevent terrorist
attacks within the United States; reduce America's vulnerability to
terrorism; and minimize the damage and assist in the recovery from attacks
that may occur.

DHS, which began operations in March 2003, represented a fusion of 22
federal agencies to coordinate and centralize the leadership of many
homeland security activities under a single department. Although the
National Strategy for Homeland Security identified that many other federal
departments (and other nonfederal stakeholders) are involved in homeland
security activities, DHS has the dominant role in implementing the
strategy. The strategy identified 6 mission areas and 43 initiatives. DHS
was designated as the lead federal agency for 37of the 43 initiatives, and
has activities under way in 40 of the 43 initiatives.

2Homeland Security Act of 2002, Pub. L. No. 107-296, 116 Stat. 2135 (Nov.
25, 2002).

The Homeland Security Act of 2002, which created DHS, represented a
historic moment of almost unprecedented action by the federal government
to fundamentally transform how the nation thinks of homeland security,
including how it protects itself from terrorism. Also significant was the
fact that many of the 22 departments brought together under DHS were not
focused on homeland security missions prior to September 11, 2001. Rarely
in the country's past had such a large and complex reorganization of
government occurred or been developed with such a singular and urgent
purpose. The creation of DHS represented a unique opportunity to transform
a disparate group of agencies with multiple missions, values, and cultures
into a strong and effective cabinet department whose goals are to, among
other things, protect U.S. borders and infrastructure, improve
intelligence and information sharing, and prevent and respond to potential
terrorist attacks. Together with this unique opportunity, however, came a
significant risk to the nation that could occur if the department's
implementation and transformation efforts were not successful.

Mission areas designated as high risk have national significance, while
other areas designated as high risk represent management functions that
are important for agency performance and accountability. The identified
areas can have a qualitative risk that may be detrimental to public health
or safety, national security, and economic growth, or a fiscal risk due to
the size of the program in question. Examples of high-risk areas include
federal governmentwide problems, like human capital management; large
programs, like Social Security, Medicaid, and Medicare; and more narrow
issues, such as contracting at a specific agency. The DHS transformation
is unique in that it involves reorganization, management, and program
challenges simultaneously.

DHS's Transformation

We first designated DHS's transformation as high risk in January 2003
based on three factors. First, DHS faced enormous challenges in
implementing an effective transformation process, developing partnerships,
and building needed management capacity because it had to effectively
combine 22 agencies with an estimated 170,000 employees into one
department. Second, DHS faced a broad array of operational and management
challenges that it inherited from its component legacy agencies. For
example, many of the major components that were merged into the
department, including the Immigration and Naturalization Service, the
Transportation Security Administration, the Customs Service, the Federal
Emergency Management Agency, and the Coast Guard, brought with them
existing challenges in areas such as strategic human capital, information
technology, and financial management. Finally, DHS's national security
mission was of such importance that the failure to effectively address its
management challenges and program risks could have serious consequences on
our intergovernmental system, the health and safety of our citizens, and
our economy.

Our prior work on mergers and acquisitions, undertaken before the creation
of DHS, found that successful transformations of large organizations, even
those faced with less strenuous reorganizations than DHS, can take years
to achieve.3 On the basis of the need for more progress in its
transformation efforts, DHS's implementation and transformation stayed on
our high-risk update for 2005, and remained on the high-risk list in 2007.
Further, in November of 2006, we provided the congressional leadership a
listing of government programs, functions, and activities that warrant
further congressional oversight.4 Among the issues included were DHS
integration and transformation efforts.

DHS Must Address Key Management Challenges

Managing the transformation of an organization of the size and complexity
of DHS requires comprehensive planning, integration of key management
functions across the department, and partnering with stakeholders across
the public and private sectors. DHS has made some progress in each of
these areas, but much additional work is required to help ensure
sustainable success. Apart from these integration efforts, however, a
successful transformation will also require DHS to follow through on its
initial actions of building capacity to improve the management of its
financial and information technology systems, as well as its human capital
and acquisition efforts.

3GAO, Highlights of a GAO Forum: Mergers and Transformation: Lessons
Learned for a Department of Homeland Security and Other Federal Agencies,
[38]GAO-03-293SP (Washington, D.C.: Nov. 14, 2002).

4GAO, Suggested Areas for Oversight for the 110th Congress,
[39]GAO-07-235R (Washington, D.C.: Nov. 17, 2006).

DHS Transformation and Integration

Thorough planning is important for DHS to successfully transform and
integrate the management functions of 22 disparate agencies into a common
framework that supports the organization as a whole. Our past work has
identified progress DHS has made in its planning efforts.5 For example,
the DHS strategic plan addresses five of six Government Performance and
Results Act required elements and takes into account its non-homeland
security missions, such as responding to natural disasters. Furthermore,
several DHS components have developed their own strategic plans or
strategic plans for missions within their areas of responsibility. For
example, U.S. Immigration and Customs Enforcement (ICE) has produced an
interim strategic plan that identifies its goals and objectives, and U.S.
Customs and Border Protection (CBP) developed a border patrol strategy and
an anti-terrorism trade strategic plan. However, deficiencies in DHS's
planning efforts remain. A DHS-wide transformation strategy should include
a strategic plan that identifies specific budgetary, human capital, and
other resources needed to achieve stated goals. The strategy should also
involve key stakeholders to create a shared understanding of goals and
priorities. DHS's existing strategic plan lacks these linkages, and DHS
has not effectively involved stakeholders in the development of the plan.
DHS has also not completed other important planning-related activities.
For example, some of DHS's components have not developed adequate
outcome-based performance measures or comprehensive plans to monitor,
assess, and independently evaluate the effectiveness of their plans and
performance.

Integrating core management functions like financial, information
technology, human capital, and procurement is also important if DHS is to
transform itself into a cohesive, high-performing organization. However,
DHS lacks a comprehensive management integration strategy with overall
goals, a timeline, appropriate responsibility and accountability
determinations, and a dedicated team to support its management integration
efforts. In 2005, we recommended that DHS establish implementation goals
and a timeline for its management integration efforts as part of a
comprehensive integration strategy, a key practice to help ensure success
for a merger or transformation. Although DHS has issued guidance and plans
to assist management integration on a function by function basis, it has
not developed a plan that clearly identifies the critical links that
should occur across these functions, the necessary timing to make these
links occur, how these interrelationships will occur, and who will drive
and manage them. In March 2007 testimony before the House Homeland
Security Committee, DHS's Undersecretary for Management supported our
recommendation on the need for a comprehensive management integration
strategy for the department. The Undersecretary stated that he was
reviewing DHS's progress against its individual plans and guidance for its
management functions that would be part of such a comprehensive strategy.
In addition, although DHS had established a Business Transformation Office
that reported to the Under Secretary for Management to help monitor and
look for interdependencies among the individual functional management
integration efforts, that office was not responsible for leading and
managing the coordination and integration itself. We understand that the
Business Transformation Office has been recently eliminated due to a lack
of funding.

5GAO, Results Oriented Government: Improvements to DHS's Planning Process
Would Enhance Usefulness and Accountability, [40]GAO-05-300 (Washington,
D.C.: March 31, 2005); Homeland Security: Better Management Practices
Could Enhance DHS's Ability to Allocate Investigative Resources,
[41]GAO-06-462T (Washington, D.C.: March 28, 2006); Border Patrol:
Available Data on Interior Checkpoints Suggest Differences in Sector
Performance, [42]GAO-05-435 (Washington, D.C.: July 22, 2005).

In addition to the Business Transformation Office, we have recommended
that Congress continue to monitor whether it needs to provide additional
leadership authorities to the DHS Under Secretary for Management or create
a Chief Operating Officer/Chief Management Officer (COO/CMO) position that
could help elevate, integrate, and institutionalize DHS's management
initiatives. Legislation was introduced in this session and passed by the
Senate to create a Deputy Secretary of Homeland Security for Management, a
CMO position.6 On April 24, 2007, I sponsored a forum on implementing
COO/CMO positions in select federal departments and agencies, as part of a
broader study examining issues associated with implementing these
positions in response to a bipartisan request from this subcommittee.
Forum participants included former and current government executives, and
officials from private businesses and nonprofit organizations. The forum
discussion focused on criteria for determining the type of COO/CMO
position that should be established in selected entities and how to
implement the position, including qualifications, appointment processes,
roles and responsibilities, and reporting relationships. In addition to
the forum, we have also learned about the experiences of organizations
that have positions similar to a COO/CMO through several case study
reviews. We expect to issue our full report to the subcommittee in early
September 2007.

6Improving America's Security Act of 2007, S. 4, 110th Cong. S 1601
(2007).

Finally, DHS cannot successfully achieve its homeland security mission
without working with other entities that share responsibility for securing
the homeland. Partnering for progress with other governmental agencies and
private sector entities is central to achieving its missions. Since 2005,
DHS has continued to form necessary partnerships and has undertaken a
number of coordination efforts with private sector entities. These
include, for example, partnering with (1) airlines to improve aviation
passenger and cargo screening, (2) the maritime shipping industry to
facilitate containerized cargo inspection, (3) financial institutions to
follow the money trail in immigration and customs investigations, and (4)
the chemical industry to enhance critical infrastructure protection at
such facilities.7 In addition, FEMA has worked with other federal, state,
and local entities to improve planning for disaster response and recovery.
However, partnering challenges continue as DHS seeks to form more
effective partnerships to leverage resources and more effectively carry
out its homeland security responsibilities. For example, because DHS has
only limited authority to address security at chemical facilities, it must
continue to work with the chemical industry to ensure that it is assessing
vulnerabilities and implementing security measures. Also, while TSA has
taken steps to collaborate with federal and private sector stakeholders in
the implementation of its Secure Flight program, these stakeholders stated
that TSA has not provided them with the information they would need to
support TSA's efforts as they move forward with the program.

Financial Management and Internal Controls

DHS has made modest progress in addressing financial management and
internal control weaknesses and continues to face significant challenges
in these areas. For example, since its creation, DHS has been unable to
obtain an unqualified or "clean" audit opinion on its financial
statements. The independent auditor's report cited 10 material
weaknesses--i.e., significant deficiencies in DHS's internal
controls--showing no decrease from fiscal year 2005. These weaknesses
included financial management oversight, financial reporting, financial
systems security, and budgetary accounting. Furthermore, the report found
two other reportable conditions and instances of non-compliance with eight
laws and regulations, including the Federal Managers' Financial Integrity
Act of 1982, the Federal Financial Management Improvement Act of 1996, and
the Federal Information Security Management Act of 2002.8 While there
continue to be material weaknesses in its financial management systems,
DHS has made some progress in this area. For example, the independent
auditor's fiscal year 2006 report noted that DHS had made improvements at
the component level to improve financial reporting during fiscal year
2006, although many challenges were remaining. Also, DHS and its
components have reported developing corrective action plans to address the
specific material internal control weaknesses identified.

7GAO, Aviation Security: Significant Management Challenges May Adversely
Affect Implementation of the Transportation Security Administration's
Secure Flight Program, [43]GAO-06-374T (Washington, D.C.: Feb. 9, 2006);
Maritime Security: Enhancements Made, but Implementation and
Sustainability Remain Key Challenges, [44]GAO-05-448T (Washington, D.C.:
May 17, 2005); Homeland Security: Better Management Practices Could
Enhance DHS's Ability to Allocate Investigative Resources, [45]GAO-06-462T
(Washington, D.C.: March 28, 2006); and Homeland Security: DHS Is
Addressing Security at Chemical Facilities, but Additional Authority Is
Needed, [46]GAO-06-899T (Washington, D.C.: June 21, 2006).

In addition to the independent audits, we have done work to assess DHS's
financial management and internal controls. For example, in 2004, we
reviewed DHS's progress in addressing financial management weaknesses and
integrating its financial systems.9 Specifically, we identified weaknesses
in the financial management systems DHS inherited from the 22 component
agencies, assessed DHS's progress in addressing these weaknesses,
identified plans DHS had to integrate with its financial management
systems, and reviewed whether the planned systems DHS was developing would
meet the requirements of relevant financial management improvement
legislation. On the basis of our work, we recommended that DHS (1) give
sustained attention to addressing previously reported material weaknesses,
reportable conditions, and observations and recommendations; (2) complete
development of corrective action plans for all material weaknesses,
reportable conditions, and observations and recommendations; (3) ensure
that internal control weaknesses are addressed at the component level if
they were combined or reclassified at the departmentwide level; and (4)
maintain a tracking system of all auditor-identified and
management-identified control weaknesses. These recommendations are still
relevant today.

8Department of Homeland Security, Office of Inspector General. Independent
Auditors' Report on DHS' FY 2006 Financial Statements. OIG-07-10.
(Washington, D.C.: Nov. 2006).

9GAO, Financial Management: Department of Homeland Security Faces
Significant Financial Management Challenges, [47]GAO-04-774 (Washington,
D.C.: July 19, 2004).

Information Technology

A departmentwide information technology (IT) governance
framework--including controls (disciplines) aimed at effectively managing
IT-related people, processes, and tools--is vital to DHS's transformation
efforts. These controls and disciplines include:

           o having and using an enterprise architecture, or corporate
           blueprint, as an authoritative frame of reference to guide and
           constrain IT investments;
           o defining and following a corporate process for informed decision
           making by senior leadership about competing IT investment options;
           o applying system and software development and acquisition
           discipline and rigor when defining, designing, developing,
           testing, deploying, and maintaining systems;
           o establishing a comprehensive information security program to
           protect its information and systems;
           o having sufficient people with the right knowledge, skills, and
           abilities to execute each of these areas now and in the future;
           and
           o centralizing leadership for extending these disciplines
           throughout the organization with an empowered Chief Information
           Officer.10

DHS has made progress in each of these areas, but additional work is
needed to further enhance its IT governance framework and implement our
related recommendations. For example, the June 2006 version of DHS's
enterprise architecture, while an improvement over prior versions, still
lacks important architecture content and limits DHS's ability to guide and
constrain IT investments, among other things.11 With respect to IT
investment management, DHS has established management structures but has
not, for example, fully implemented key practices needed to effectively
oversee and control department investments--putting the department at
increased risk of its programs not delivering promised mission
capabilities and benefits. DHS stated it is working on improving its
investment management process.12 DHS has taken other measures to enhance
IT governance as well, such as completing a comprehensive inventory of its
major information systems (though a comprehensive information security
program is still needed), organizing IT leadership roles and
responsibilities under the CIO, and initiating strategic planning for IT
human capital (an area where we have ongoing work to assess related
strategic planning efforts and progress made).

10GAO, Homeland Security: Progress Continues, but Challenges Remain on
Department's Management of Information Technology, [48]GAO-06-598T
(Washington, D.C.: March 29, 2006).

11GAO, Homeland Security: DHS Enterprise Architecture Continues to Evolve
but Improvements Needed, [49]GAO-07-564 (Washington, D.C.: May 9, 2007).

12GAO, Information Technology: DHS Needs to Fully Implement Policies and
Procedures for Effectively Managing Investments, [50]GAO-07-424
(Washington, D.C.: April 27, 2007).

In addition to efforts undertaken in these areas, our reviews of key
nonfinancial systems show that DHS has not consistently employed a range
of system acquisition management disciplines, such as reliable
cost-estimating practices and meaningful performance measurements. We have
made a number of recommendations in this and other areas, including work
related to deploying and operating IT system and infrastructure in support
of DHS's core mission and operations. Implementation of many of our
recommendations has been slow. Until DHS fully establishes and
consistently implements the full range of IT management disciplines
embodied in its framework and related to federal guidance and best
practices, it will be challenged in its ability to effectively manage and
deliver programs.

Human Capital Systems

DHS has made some progress in transforming its human capital systems, but
more work remains.13 Some of the most pressing human capital challenges at
DHS include (1) successfully completing its ongoing transformation; (2)
forging a unified results-oriented culture across the department (line of
sight); (3) linking daily operations to strategic outcomes; (4) rewarding
individuals based on individual, team, unit, and organizational results;
(5) obtaining, developing, providing incentives to, and retaining needed
talent; and most importantly, (6) leadership at the top, to include a
chief operating officer or chief management officer. Moreover, employee
morale is low, as measured by recent results in the 2006 Federal Human
Capital Survey, which can have an impact on the progress of DHS's
transformation and integration. DHS scored at the bottom or near the
bottom of all federal agencies in the four areas which provide the
standards of success for agencies to measure their progress and
achievements in managing their workforces. These four areas include (1)
leadership and knowledge management, (2) results-oriented performance
culture, (3) talent management, and (4) job satisfaction. As we have
reported, people are at the center of any serious change management
initiative, and addressing the "people" element and employee morale issues
is the key to a successful merger and transformation.

13GAO, Department of Homeland Security: Strategic Management of Training
Important for Successful Transformation, [51]GAO-05-888 (Washington, D.C.:
Sept. 23, 2005); Information on Immigration Enforcement and Supervisory
Promotions in the Department of Homeland Security's Immigration and
Customs Enforcement and Customs and Border Protection, [52]GAO-06-751R
(Washington, D.C.: June 13, 2006); Homeland Security: Visitor and
Immigrant Status Program Operating, but Management Improvements Are Still
Needed, [53]GAO-06-318T (Washington, D.C.: Jan. 25, 2006); and Border
Security: Stronger Actions Needed to Assess and Mitigate Risks of the Visa
Waiver Program, [54]GAO-06-854 (Washington, D.C.: July 28, 2006).

Strategic human capital management is the centerpiece of any
transformation effort. In 2005, we reported that DHS had initiated
strategic human capital planning efforts and published proposed
regulations for a modern human capital management system.14 We also
reported that DHS's leadership was committed to the human capital system
design process and had formed teams to implement the resulting
regulations. Since our report, DHS has finalized its human capital
regulations and it is vital that DHS implement its human capital system
effectively.15 In April 2007, DHS issued its fiscal year 2007 and 2008
Human Capital Operational Plan, which identifies five department
priorities: hiring and retaining a talented and diverse workforce,
creating a DHS-wide culture of performance, creating high-quality learning
and development programs for DHS employees, implementing a DHS-wide
integrated leadership system, and being a model of human capital service
excellence. DHS officials explained that the Human Capital Operating Plan
encompasses the initiatives of the previous human capital management
system, MAXHR, but also outlines a more comprehensive human resources
program. GAO has not yet reviewed DHS's new Human Capital Operational Plan
to see if it addresses our prior recommendations. However, we expect to
examine this plan.

Further, since our 2005 update, DHS has taken some actions to integrate
the legacy agency workforces that make up its components. For example, it
standardized pay grades for criminal investigators at ICE and developed
promotion criteria for investigators and CBP officers that equally
recognize the value of the experience brought to ICE and CBP by employees
of each legacy agency. DHS also made progress in establishing human
capital capabilities for the US-VISIT program, which should help ensure
that it has sufficient staff with the necessary skills and abilities to
implement the program effectively. CBP also developed training plans that
link its officer training to CBP strategic goals.

14GAO, Homeland Security: Overview of Department of Homeland Security
Management Challenges, [55]GAO-05-573T (Washington, D.C.: April 20, 2005).

15The Homeland Security Act gave DHS authorization to design a human
capital management system to meet its unique missions. In January 2005,
DHS announced its final human capital management system regulations. DHS
intended to implement a new personnel system in 2005. According to DHS
OIG, these delays will impact the cost of implementation, the current
development and implementation contract, and the ability to properly
manage the workforce. Department of Homeland Security, Office of Inspector
General. Major Management Challenges Facing the Department of Homeland
Security, OIG-06-14 (Washington, D.C.: Dec. 2005).

Despite these efforts, however, DHS must still (1) create a clearer
crosswalk between departmental training goals and objectives and DHS's
broader organizational and human capital goals, and (2) develop
appropriate training performance measures and targets for goals and
strategies identified in its departmentwide strategic training plan. We
have also made recommendations to specific program offices and
organizational entities to help ensure that human capital resources are
provided to improve the effectiveness of management capabilities, and that
human capital plans are developed that clearly describe how these
components will recruit, train, and retain staff to meet their growing
demands as they expand and implement new program elements. We are
completing a review of selected human capital issues and plan to report on
our results soon. This report will discuss information on: attrition rates
at DHS; senior-level vacancies at DHS; DHS's use of human capital
flexibilities, including the Intergovernmental Personnel Act, and personal
services contracts; and DHS's compliance with the Federal Vacancies Reform
Act of 1998.

Acquisition Management

DHS has made some progress but continues to face challenges in creating an
effective, integrated acquisition organization. Since its inception in
March 2003, DHS made early progress in implementing a strategic sourcing
program to increase the effectiveness of its buying power and in creating
a small business program. These programs have promoted an environment in
which there is a collaborative effort toward the common goal of an
efficient, unified organization. Strategic sourcing allows DHS components
to formulate purchasing strategies to leverage buying power and increase
savings for a variety of products like office supplies, boats, energy, and
weapons, while its small business program works to ensure small businesses
can compete effectively for the agency's contract dollars. However, DHS's
progress toward creating a unified acquisition organization has been
hampered by policy decisions. In March 2005, we reported that an October
2004 management directive, Acquisition Line of Business Integration and
Management, while emphasizing the need for a unified, integrated
acquisition organization, relies on a system of dual accountability
between the chief procurement officer and the heads of the departments to
make this happen.16 This situation has created ambiguity about who is
accountable for acquisition decisions. We also found that the various
acquisition organizations within DHS are still operating in a disparate
manner, with oversight of acquisition activities left primarily up to each
individual component. Specifically, we reported that (1) there were
components exempted from the unified acquisition organization, (2) the
chief procurement officer had insufficient staff for departmentwide
oversight, and (3) staffing shortages led the office of procurement
operations to rely extensively on outside agencies for contracting
support.17 In December 2005, DHS established an acquisition oversight
program to provide comprehensive insight into each component's acquisition
programs. This oversight program involves a series of reviews which are
currently being implemented. However, accountability concerns remain. In
March 2005, we recommended that, among other things, the Secretary of
Homeland Security provide the Office of the Chief Procurement Officer with
sufficient resources and enforcement authority to enable effective
departmentwide oversight of acquisition policies and procedures, and to
revise the October 2004 management directive to eliminate reference to the
Coast Guard and Secret Service as being exempt from complying with the
directive. In September 2006, DHS reported on planned increases in
staffing for the Office of the Chief Procurement Officer, but we expressed
concern that the authority of the Chief Procurement Officer had not been
addressed.18 Unless DHS addresses these challenges, it is at risk of
continuing to exist as a fragmented acquisition organization. Because some
of DHS's components have major, complex acquisition programs--for example,
the Coast Guard's Deepwater program (designed to replace or upgrade its
cutters and aircraft) and CBP's Secure Border Initiative--DHS needs to
improve the oversight of contractors and should adhere to a rigorous
management review process.

16GAO, Homeland Security: Success and Challenges in DHS's Efforts to
Create an Effective Acquisition Organization, [56]GAO-05-179 (Washington,
D.C.: March 29, 2005).

17GAO, Homeland Security: Challenges in Creating an Effective Acquisition
Organization, [57]GAO-06-1012T (Washington, D.C.: July 27, 2006).

18Interagency Contracting: Improved Guidance, Planning, and Oversight
Would Enable the Department of Homeland Security to Address Risks,
[58]GAO-06-996 (Washington, D.C.: Sept. 27, 2006).

Programmatic Challenges Facing DHS

DHS continues to face challenges, many of which were inherited from its
component legacy agencies, in carrying out its programmatic activities.
These challenges include enhancing transportation security, strengthening
the management of U.S. Coast Guard acquisitions and meeting the Coast
Guard's new homeland security missions, improving the regulation of
commercial trade while ensuring protection against the entry of illegal
goods and dangerous visitors at U.S. borders and ports of entry, and
improving enforcement of immigration laws, including worksite immigration
laws, and the provision of immigration services. DHS must also effectively
coordinate the mitigation and response to all hazards, including natural
disaster planning, response, and recovery. DHS has taken actions to
address these challenges, for example, by strengthening passenger and
baggage screening, increasing the oversight of Coast Guard acquisitions,
more thoroughly screening visitors and cargo, dedicating more resources to
immigration enforcement, becoming more efficient in the delivery of
immigration services, and conducting better planning for disaster
preparation. However, challenges remain in each of these major mission
areas.

Transportation Security

Despite progress in this area, DHS continues to face challenges in
effectively executing transportation security efforts. We have recommended
that the Transportation Security Administration (TSA) more fully integrate
a risk management approach--including assessments of threat,
vulnerability, and criticality--in prioritizing security efforts within
and across all transportation modes; strengthen stakeholder coordination;
and implement needed technological upgrades to secure commercial
airports.19 DHS has made progress in all of these areas, particularly in
aviation, but must expand its security focus more towards surface modes of
transportation and continue to seek best practices and coordinated
security efforts with the international community. DHS and TSA have taken
numerous actions to strengthen commercial aviation security, including
strengthening passenger and baggage screening, improving aspects of air
cargo security, and strengthening the security of international flights
and passengers bound for the United States.20 For example, TSA increased
efforts to measure the effectiveness of airport screening systems through
covert testing and other means and has worked to enhance passenger and
baggage screener training. TSA also improved its processes for identifying
and responding to threats onboard commercial aircraft and has modified
airport screening procedures based on risk. Despite this progress,
however, TSA continues to face challenges in implementing a program to
match domestic airline passenger information against terrorist watch
lists, fielding needed technologies to screen airline passengers for
explosives, and strengthening aspects of passenger rail security.21 In
addition, TSA has not developed a strategy, as required, for securing the
various modes of transportation. As a result, rail and other surface
transportation stakeholders are unclear regarding what TSA's role will
ultimately be in establishing and enforcing security requirements within
their transportation modes. We have recommended that TSA more fully
integrate risk-based decision making within aviation and across all
transportation modes, strengthen passenger prescreening, and enhance rail
security efforts. We have also recommended that TSA work to develop
sustained and effective partnerships with other government agencies, the
private sector, and international partners to coordinate security efforts
and seek potential best practices, among other efforts. While DHS has made
significant strides in strengthening aviation security, it still is in the
early stages of developing a comprehensive approach to ensuring inbound
air cargo security.

19GAO, Aviation Security: Flight and Cabin Crew Member Security Training
Strengthened, but Better Planning and Internal Controls Needed,
[59]GAO-05-781 (Washington, D.C.: Sept. 6, 2005); Aviation Security:
Federal Action Needed to Strengthen Domestic Air Cargo Security,
[60]GAO-06-76 (Washington, D.C.: Oct. 17, 2005); Rail Transit: Additional
Federal Leadership Would Enhance FTA's State Safety Oversight Program,
[61]GAO-06-821 (Washington, D.C.: July 26, 2006); and Aviation Security:
TSA Oversight of Checked Baggage Screening Procedures Could Be
Strengthened, [62]GAO-06-869 (Washington, D.C.: July 28, 2006).

Coast Guard Acquisitions and Non-Homeland Security Missions

The Coast Guard needs to improve the management of its acquisitions and
continue to enhance its security mission while meeting other mission
responsibilities. In 2004, we recommended that the Coast Guard improve its
management of the Deepwater program by strengthening key management and
oversight activities, implementing procedures to better ensure contractor
accountability, and controlling future costs by promoting competition.22
In April 2006, we reported the Coast Guard had made some progress in
addressing these recommendations. For example, the Coast Guard has
addressed our recommendation to ensure better contractor accountability by
providing for better input from U.S. Coast Guard performance monitors.23
However, even with these improvements, acquisition and contract management
issues that we reported on previously continue to be challenges to the
Coast Guard. For example, within the Deepwater program, an updated class
of patrol boats has been removed from service and its replacement, a new
cutter class, has been delayed due to design concerns. While the Coast
Guard recently announced that it will be taking a more active role in
Deepwater acquisitions and noted that many of the issues that led to these
acquisition problems are being addressed, it is too soon to tell how
effective these changes will be. Further, the Coast Guard has acquisition
challenges other than just the Deepwater program. For example, the Coast
Guard's timeline for achieving full operating capability for its search
and rescue communications system, Rescue 21, was delayed from 2006 to
2011, and the estimated total acquisition cost increased.

20GAO, Aviation Security: TSA Oversight of Checked Baggage Screening
Procedures Could Be Strengthened, [63]GAO-06-869 (Washington, D.C.: July
28, 2006); Aviation Security: Federal Action Needed to Strengthen Domestic
Air Cargo Security, [64]GAO-06-76 (Washington, D.C.: Oct. 17, 2005); and
Aviation Security: Enhancements Made in Passenger and Checked Baggage, but
Challenges Remain, [65]GAO-06-371T (Washington, D.C.: April 4, 2006);
Aviation Security: Federal Efforts to Secure U.S.-Bound Air Cargo Are in
the Early Stages and Could Be Strengthened, [66]GAO-07-660 (Washington,
D.C.: April 30, 2007).

21GAO, Aviation Security: Management Challenges Remain for the
Transportation Security Administration's Secure Flight Program,
[67]GAO-06-864T (Washington, D.C.: June 14, 2006).

The Coast Guard has made progress in balancing its homeland security and
traditional missions. The Coast Guard is unlike many other DHS components
because it has substantial missions not related to homeland security.
These missions include maritime navigation, icebreaking, protecting the
marine environment, marine safety, and search and rescue for mariners in
distress. Furthermore, unpredictable natural disasters, such as Hurricane
Katrina, can place intense demands on all Coast Guard resources. The Coast
Guard must continue executing these traditional missions and balance those
responsibilities with its homeland security obligations, which have
increased significantly since September 11.

22GAO, Contract Management: Coast Guard's Deepwater Program Needs
Increased Attention to Management and Contractor Oversight, [68]GAO-04-380
(Washington, D.C.: March 9, 2004).

23GAO, Coast Guard: Changes to Deepwater Plan Appear Sound, and Program
Management Has Improved, but Continued Monitoring is Warranted,
[69]GAO-06-546 (Washington, D.C.: April 28, 2006).

Border Security and the Regulation of Trade

DHS has made some progress but still faces an array of challenges in
securing the border while improving the regulation of commercial trade.24
Since 2005, DHS agencies have made some progress in implementing our
recommendations to refine the screening of foreign visitors to the United
States, target potentially dangerous cargo, and provide the personnel
necessary to effectively fulfill border security and trade agency
missions. As of January 2006, DHS had a pre-entry screening capability in
place in overseas visa issuance offices, and an entry identification
capability at 115 airports, 14 seaports, and 154 land ports of entry.
Furthermore, the Secretary of Homeland Security has made risk management
at ports and all critical infrastructure facilities a key priority for
DHS. In addition, DHS developed performance goals and measures for its
trade processing system and implemented a testing and certification
process for its officers to provide better assurance of effective cargo
examination targeting practices. However, efforts to assess and mitigate
risks of DHS's and the Department of State's implementation of the Visa
Waiver Program remain incomplete, increasing the risk that the program
could be exploited by someone who intends harm to the United States.
Further, many of DHS's border-related performance goals and measures are
not fully defined or adequately aligned with one another, and some
performance targets are not realistic. CBP is not systematically
incorporating inspection results into its cargo screening system because
it has not yet fully implemented a system that will report details on its
security inspections nationwide to allow management to analyze those
inspections. Other trade and visitor screening systems have weaknesses
that must be overcome to better ensure border and trade security. For
example, deficiencies in the identification of counterfeit documentation
at land border crossings into the United States create vulnerabilities
that terrorists or others involved in criminal activity could exploit. We
also reported that DHS's Container Security Initiative to target and
inspect high-risk cargo containers at foreign ports before they leave for
the United States has been challenged by staffing imbalances, the lack of
minimum technical requirements for inspection equipment used at foreign
ports, and insufficient performance measures to assess the effectiveness
of targeting and inspection activities. We are currently reviewing this
program to ascertain what progress CBP has made in addressing these
challenges.

24GAO, Border Security: US-VISIT Program Faces Strategic, Operational, and
Technological Challenges at Land Ports of Entry, [70]GAO-07-248
(Washington, D.C.: Dec. 6, 2006); Border Security: Stronger Actions Needed
to Assess and Mitigate Risks of the Visa Waiver Program, [71]GAO-06-854
(Washington, D.C.: July 28, 2006); Border Security: Key Unresolved Issues
Justify Reevaluation of Border Surveillance Technology Program,
[72]GAO-06-295 (Washington, D.C.: Feb. 22, 2006); Information Technology:
Customs Has Made Progress on Automated Commercial Environment System, but
It Faces Long-Standing Management Challenges and New Risks, [73]GAO-06-580
(Washington, D.C.: May 31, 2006); and Homeland Security: Recommendations
to Improve Management of Key Border Security Program Need to Be
Implemented, [74]GAO-06-296 (Washington, D.C.: Feb. 14, 2006).

Enforcement of Immigration Laws

DHS has taken some actions to improve enforcement of immigration laws,
including worksite immigration laws, but the number of resources devoted
to enforcing immigration laws is limited given that there are an estimated
12 million illegal aliens residing in the United States. DHS has
strengthened some aspects of immigration enforcement, including allocating
more investigative work years to immigration functions than the
Immigration and Naturalization Service did prior to the creation of DHS.
Nevertheless, effective enforcement will require more attention to
efficient resource use and updating outmoded management systems.25 In
April 2006, ICE announced an interior enforcement strategy to bring
criminal charges against employers who knowingly hire unauthorized
workers. ICE has also reported increases in the number of criminal arrests
and indictments for these violations since fiscal year 2004. In addition,
ICE has plans to shift responsibility for identifying incarcerated
criminal aliens eligible for removal from the United States from the
Office of Investigations to its Office of Detention and Removal, freeing
those investigative resources for other immigration and customs
investigations. ICE has also begun to introduce principles of risk
management into the allocation of its investigative resources. However,
enforcement of immigration enforcement laws needs to be strengthened and
significant management challenges remain. DHS's ability to locate and
remove millions of aliens who entered the country illegally or overstayed
the terms of their visas is questionable, and implementing an effective
worksite enforcement program remains an elusive goal. ICE's Office of
Investigations has not conducted a comprehensive risk assessment of the
customs and immigration systems to determine the greatest risks for
exploitation by criminals and terrorists. This office also lacks
outcome-based performance goals that relate to its objective of preventing
the exploitation of systemic vulnerabilities in customs and immigration
systems, and it does not have sufficient systems in place to help ensure
systematic monitoring and communication of vulnerabilities discovered
during its investigations. Moreover, the current employment verification
process used to identify workers ineligible for employment in the United
States has not fundamentally changed since its establishment in 1986, and
ongoing weaknesses have undermined its effectiveness. We have recommended
that DHS take actions to help address these weaknesses and to strengthen
the current process by issuing final regulations on changes to the
employment verification process which will reduce the number of documents
suitable for proving eligibility to work in the United States. Some other
countries require foreign workers to present work authorization documents
at the time of hire and require employers to review these documents and
report workers' information to government agencies for collecting taxes
and social insurance contributions, and conducting worksite enforcement
actions.

25GAO, Information on Immigration Enforcement and Supervisory Promotions
in the Department of Homeland Security's Immigration and Customs
Enforcement and Customs and Border Protection, [75]GAO-06-751R
(Washington, D.C.: June 13, 2006); Immigration Enforcement: Weaknesses
Hinder Employment Verification and Worksite Enforcement Efforts,
[76]GAO-06-895T (Washington, D.C.: June 19, 2006); and Homeland Security:
Better Management Practices Could Enhance DHS's Ability to Allocate
Investigative Resources, [77]GAO-06-462T (Washington, D.C.: March 28,
2006).

Provision of Immigration Services

Although DHS has made progress in reducing its backlog of immigration
benefit applications, improvements are still needed in the provision of
immigration services, particularly by strengthening internal controls to
prevent fraud and inaccuracy.26 Since 2005, DHS has enhanced the
efficiency of certain immigration services. For example, U.S. Citizenship
and Immigration Services (USCIS) estimated that it had reduced its backlog
of immigration benefits applications from a peak of 3.8 million cases to
1.2 million cases from January 2004 to June 2005. USCIS has also
established a focal point for immigration fraud, outlined a fraud control
strategy that relies on the use of automation to detect fraud, and is
performing fraud assessments to identify the extent and nature of fraud
for certain benefits. However, DHS still faces significant challenges in
its ability to effectively provide immigration services while at the same
time protecting the immigration system from fraud and mismanagement. USCIS
may have adjudicated tens of thousands of naturalization applications
without alien files, and adjudicators were not required to record whether
the alien file was available when they adjudicated the application.
Without these files, DHS may not be able to take enforcement action
against an applicant and could also approve an application for an
ineligible applicant. In response to our report, USCIS recently enacted a
policy that requires the adjudicator to record whether the alien file was
available when they adjudicated the application. In addition, USCIS has
not implemented important aspects of our internal control standards or
fraud control best practices identified by leading audit organizations.
Such best practices would include (1) a comprehensive risk management
approach, (2) mechanisms for ongoing monitoring during the course of
normal activities, (3) clear communication agencywide regarding how to
balance production-related goals with fraud-prevention activities, and (4)
performance goals for fraud prevention.

26GAO, Immigration Benefits: Additional Efforts Needed to Help Ensure
Alien Files Are Located when Needed, [78]GAO-07-85 (Washington, D.C.: Oct.
27, 2006); Immigration Benefits: Additional Controls and a Sanctions
Strategy Could Enhance DHS's Ability to Control Benefit Fraud,
[79]GAO-06-259 (Washington, D.C.: March 10, 2006); and Immigration
Benefits: Improvements Needed to Address Backlogs and Ensure Quality of
Adjudications, [80]GAO-06-20 (Washington, D.C.: Nov. 21, 2005).

Disaster Preparedness and Response

We have reported that DHS needs to more effectively coordinate disaster
preparedness, response, and recovery efforts.27 Between the time that FEMA
became part of DHS in March 2003 and Hurricane Katrina hit in late August
2005, its responsibilities had been dispersed and its role within DHS
continued to evolve. Hurricane Katrina severely tested disaster management
at the federal, state, and local levels and revealed weaknesses in the
basic elements of preparing for, responding to, and recovering from any
catastrophic disaster. Our analysis showed the need for (1) clearly
defined and understood leadership roles and responsibilities; (2) the
development of the necessary disaster capabilities; and (3) accountability
systems that effectively balance the need for fast and flexible response
against the need to prevent waste, fraud, and abuse. In September 2006, we
recommended that Congress give federal agencies explicit authority to take
actions to prepare for all types of catastrophic disasters when there is
warning. We also recommended that DHS (1) rigorously re-test, train, and
exercise its recent clarification of the roles, responsibilities, and
lines of authority for all levels of leadership, implementing changes
needed to remedy identified coordination problems; (2) direct that the
National Response Plan (NRP) base plan and its supporting Catastrophic
Incident Annex be supported by more robust and detailed operational
implementation plans; (3) provide guidance and direction for federal,
state, and local planning, training, and exercises to ensure such
activities fully support preparedness, response, and recovery
responsibilities at a jurisdictional and regional basis; (4) take a lead
in monitoring federal agencies' efforts to prepare to meet their
responsibilities under the NRP and the interim National Preparedness Goal;
and (5) use a risk management approach in deciding whether and how to
invest finite resources in specific capabilities for a catastrophic
disaster.

27GAO, Catastrophic Disasters: Enhanced Leadership, Capabilities, and
Accountability Controls Will Improve the Effectiveness of the Nation's
Preparedness, Response, and Recovery System, [81]GAO-06-618 (Washington,
D.C.: Sept. 6, 2006).

DHS has made revisions to the NRP and released its Supplement to the
Catastrophic Incident Annex--both designed to further clarify federal
roles and responsibilities and relationships among federal, state and
local governments and responders. However, these revisions have not been
rigorously tested. DHS is working on additional revisions to the NRP and
the National Incident Management System and recently informed Congress the
revisions to the NRP may not be complete by the scheduled June 1, 2007
target date. Thus, it is unlikely that any changes will be clearly
communicated, understood, and effectively tested prior to the 2007
Hurricane Season, which begins in June. DHS has also announced a number of
actions intended to improve readiness and response based on our work and
the work of congressional committees and the Administration. For example,
DHS is currently reorganizing FEMA as required by the fiscal year 2007 DHS
appropriations act.28 One major objective of this reorganization is to
integrate responsibility and accountability for disaster preparedness and
response within DHS by placing the responsibility for both within FEMA.
DHS has also announced a number of other actions to improve readiness and
response, such as mass care and shelter, in which FEMA rather than the Red
Cross, will now have the lead. However, there is little information
available on the extent to which these changes are tested and operational.

Finally, in its desire to provide assistance quickly following Hurricane
Katrina, DHS was unable to keep up with the magnitude of needs to confirm
the eligibility of victims for disaster assistance, or ensure that there
were provisions in contracts for response and recovery services to ensure
fair and reasonable prices in all cases. We recommended that DHS create
accountability systems that effectively balance the need for fast and
flexible response against the need to prevent waste, fraud, and abuse. We
also recommended that DHS provide guidance on advance procurement
practices (pre-contracting) and procedures for those federal agencies with
roles and responsibilities under the NRP so that these agencies can better
manage disaster-related procurement, and establish an assessment process
to monitor agencies' continuous planning efforts for their
disaster-related procurement needs and the maintenance of capabilities.29
For example, we identified a number of emergency response practices in the
public and private sectors that provide insight into how the federal
government can better manage its disaster-related procurements. These
include both developing knowledge of contractor capabilities and prices
and establishing vendor relationships prior to the disaster and
establishing a scalable operations plan to adjust the level of capacity to
match the response with the need. FEMA had taken some action on these
recommendations by entering into advance contracts for various goods,
supplies, and services, such as debris removal. However, DHS has not
implemented our recommendation to develop guidance on advance procurement
practices and procedures for those federal agencies and other partners,
such as the Red Cross, with roles and responsibilities under the NRP.

28Pub. L. No. 109-295, 120 Stat. 1355 (Oct. 4, 2006).

Actions Needed to Strengthen DHS's Transformation and Integration Efforts

To be removed from our high-risk list, agencies need to develop a
corrective action plan that defines the root causes of identified
problems, identifies effective solutions to those problems, and provides
for substantially completing corrective measures in the near term. Such a
plan should include performance measures, metrics and milestones to
measure their progress. Agencies should also demonstrate significant
progress in addressing the problems identified in their corrective action
plan. This should include a program to monitor and independently validate
progress. Finally, agencies, in particular top leadership, must
demonstrate a commitment to sustain initial improvements. This would
include a strong commitment to address the risk(s) that put the program or
function on the high-risk list and provide for the allocation of
sufficient people and resources (capacity) to resolve the risk(s) and
ensure that improvements are sustainable over the long term.

In the spring of 2006, DHS provided us a draft corrective action plan for
addressing its transformation challenges. This plan addressed major
management areas we had previously identified as key to DHS's
transformation--management integration through the DHS management
directorate and financial, information, acquisition, and human capital
management. The plan identified an overall goal to develop and implement
key department wide processes and systems to support DHS's transformation
into a department capable of planning, operating, and managing as one
effective department.

29See [82]GAO-06-618 .

In the short term, the plan sought to produce significant improvements
over the next 7 years that further DHS's ability to operate as one
department. Although the plan listed accomplishments and general goals for
the management functions, it did not contain (1) objectives linked to
those goals that are clear, concise, and measurable; (2) specific actions
to implement those objectives; (3) information linking sufficient people
and resources to implement the plan; or (4) an evaluation program to
monitor and independently validate progress toward meeting the goals and
measuring the effectiveness of the plan. As of May 2007, DHS has not
submitted a corrective action plan to OMB. According to an official at
OMB, this is one of the few high-risk areas that have not produced a final
corrective action plan.

In addition to developing an effective corrective action plan, agencies
must show that significant progress has taken place in improving
performance in the areas identified in its corrective action plan. While
our work has noted progress at DHS, for us to remove the DHS
implementation and transformation from our high-risk list, we need to be
able to independently assure ourselves and Congress that DHS has
implemented many of our past recommendations, or has taken other
corrective actions to address the challenges we identified. However, DHS
has not made its management or operational decisions transparent enough so
that Congress can be sure it is economically, efficiently, effectively,
ethically, and equitably using the billions of dollars in funding it
receives annually, and is providing the levels of security called for in
numerous legislative requirements and presidential directives. Our work
for Congress assessing DHS's operations has been significantly hampered by
long delays in granting us access to program documents and officials, or
by questioning our access to information needed to conduct our reviews.

We have processes for obtaining information from departments and agencies
across the federal government that work well. DHS's process--involving
multiple layers of review by department- and component-level liaisons and
attorneys regarding whether to provide us the requested information--does
not work as smoothly. DHS's processes have impeded our efforts to carry
out our mission by delaying access to documents that we require to assess
the department's operations. We have occasionally worked with DHS
management to establish a cooperative process--for example, reviewing
sensitive documents at a particular agency location--in an effort to not
only to maintain a productive working relationship with the department but
also to meet the needs of our congressional requesters in a timely manner.
I have spoken to Secretary Chertoff who pledged to make access a higher
priority and have met with Undersecretary Schneider who also assured us of
his cooperation. We are encouraged by these statements and look forward to
better relations with the department.

We recognize that the department has legitimate interests in protecting
certain types of sensitive information from public disclosure. We share
that interest as well and follow strict security guidelines in handling
such information. We similarly recognize that agency officials will need
to make judgments with respect to the manner and the processes they use in
response to our information requests. However, to date, because of the
processes adopted to make these judgments, GAO has often not been able to
do its work in a timely manner. We have been able to eventually obtain
information and to answer audit questions, but the delays we have
experienced at DHS have impeded our ability to conduct audit work
efficiently and to provide timely information to congressional clients.

Finally, to be removed from our high-risk list, any progress that occurs
must be sustainable over the long term. DHS's leaders need to make and
demonstrate a commitment to implementing a transformed organization. The
Secretary has stated such a commitment, most prominently as part of his
"second stage review" in the summer of 2005, and more recently in remarks
made at George Washington University's Homeland Security Policy Institute.
However, appropriate follow-up is required to assure that transformation
plans are effectively implemented and sustained, to include the allocation
of adequate resources to support transformation efforts. In this regard,
we were pleased when DHS established a Business Transformation Office, but
we believe that the office's effectiveness was limited because the
department did not give it the authority and responsibility needed to be
successful. We understand that this office has recently been eliminated.
Further, department leaders can show their commitment to transforming DHS
by acting on recommendations made by the Congress, study groups, and
accountability organizations such as its Office of the IG and GAO.
Although we have also seen some progress in this area, it is not enough
for us to conclude that DHS is committed to and capable of quickly
incorporating corrective actions into its operations. Therefore, until DHS
produces an acceptable corrective action plan, demonstrates progress
reforming its key management functions, and dedicates the resources
necessary to sustain this progress, it will likely remain on our high-risk
list.

Mr. Chairman and members of the subcommittee, this completes my prepared
statement. I would be happy to respond to any questions that you or other
members of the subcommittee may have at this time.

Contacts and Acknowledgements

For information about this testimony, please contact Norman Rabkin,
Managing Director, Homeland Security and Justice Issues, at (202)
512-8777, or [email protected] or Bernice Steinhardt, Director,
Strategic Issues at 202-512-6806 or [email protected] . Other
individuals making key contributions to this testimony include Christopher
Conrad, Anthony DeFrank, and Sarah Veale.

Appendix I: Related GAO Products

Implementing and Transforming the Department of Homeland Security

Implementation and Transformation

High-Risk Series: An Update, [85]GAO-07-310 (Washington, D.C.: Jan. 31,
2007).

Suggested Areas for Oversight for the 110th Congress, [86]GAO-07-235R
(Washington, D.C.: Nov. 17, 2006).

Homeland Security: DHS Is Addressing Security at Chemical Facilities, but
Additional Authority Is Needed, [87]GAO-06-899T (Washington, D.C.: June
21, 2006).

Homeland Security: Guidance and Standards Are Needed for Measuring the
Effectiveness of Agencies' Facility Protection Efforts, [88]GAO-06-612
(Washington, D.C.: May 31, 2006).

Homeland Security: DHS Needs to Improve Ethics-Related Management Controls
for the Science and Technology Directorate, [89]GAO-06-206 (Washington,
D.C.: Dec. 22, 2005).

Critical Infrastructure Protection: Department of Homeland Security Faces
Challenges in Fulfilling Cybersecurity Responsibilities, [90]GAO-05-434
(Washington, D.C.: May 26, 2005).

Homeland Security: Overview of Department of Homeland Security Management
Challenges, [91]GAO-05-573T (Washington, D.C.: April 20, 2005).

Results-Oriented Government: Improvements to DHS's Planning Process Would
Enhance Usefulness and Accountability, [92]GAO-05-300 (Washington, D.C.:
March 31, 2005).

Department of Homeland Security: A Comprehensive and Sustained Approach
Needed to Achieve Management Integration, [93]GAO-05-139 (Washington,
D.C.: March 16, 2005).

Homeland Security: Further Actions Needed to Coordinate Federal Agencies'
Facility Protection Efforts and Promote Key Practices, [94]GAO-05-49
(Washington, D.C.: Nov. 30, 2004).

Highlights of a GAO Forum: Mergers and Transformation: Lessons Learned for
a Department of Homeland Security and Other Federal Agencies,
[95]GAO-03-293SP (Washington, D.C.: Nov. 14, 2002).

Determining Performance and Accountability Challenges and High Risks,
[96]GAO-01-159SP (Washington, D.C.: Aug. 2000).

Financial Management and Internal Controls

Financial Management Systems: DHS Has an Opportunity to Incorporate Best
Practices in Modernization Efforts, [97]GAO-06-553T (Washington, D.C.:
March 29, 2006).

Financial Management: Department of Homeland Security Faces Significant
Financial Management Challenges, [98]GAO-04-774 . Washington, D.C.: July
19, 2004).

Information Technology

Homeland Security: DHS Enterprise Architecture Continues to Evolve but
Improvements Needed, [99]GAO-07-564 (Washington, D.C.: May 9, 2007).

Information Technology: DHS Needs to Fully Define and Implement Policies
and Procedures for Effectively Managing Investments, [100]GAO-07-424
(Washington, D.C.: April 27, 2007).

Information Technology: Customs Has Made Progress on Automated Commercial
Environment System, but It Faces Long-Standing Management Challenges and
New Risks, [101]GAO-06-580 (Washington, D.C.: May 31, 2006).

Information Sharing: DHS Should Take Steps to Encourage More Widespread
Use of Its Program to Protect and Share Critical Infrastructure
Information, [102]GAO-06-383 (Washington, D.C.: April 17, 2006).

Homeland Security: Progress Continues, but Challenges Remain on
Department's Management of Information Technology, [103]GAO-06-598T
(Washington, D.C.: March 29, 2006).

Information Technology: Management Improvements Needed on Immigration and
Customs Enforcement's Infrastructure Modernization Program,
[104]GAO-05-805 (Washington, D.C.: Sept. 7, 2005.)

Information Security: Department of Homeland Security Needs to Fully
Implement Its Security Program. [105]GAO-05-700 (Washington, D.C.: June
17, 2005).

Information Technology: Federal Agencies Face Challenges in Implementing
Initiatives to Improve Public Health Infrastructure, [106]GAO-05-308
(Washington, D.C.: June 10, 2005).

Information Technology: Customs Automated Commercial Environment Program
Progressing, but Need for Management Improvements Continues.
[107]GAO-05-267 (Washington, D.C.: March 14, 2005).

Department of Homeland Security: Formidable Information and Technology
Management Challenge Requires Institutional Approach, [108]GAO-04-702
(Washington, D.C.: Aug. 27, 2004).

Human Capital Systems

Budget Issues: FEMA Needs Adequate Data, Plans, and Systems to Effectively
Manage Resources for Day-to-Day Operations, [109]GAO-07-139 (Washington,
D.C.: Jan. 19, 2007).

Border Security: Stronger Actions Needed to Assess and Mitigate Risks of
the Visa Waiver Program, [110]GAO-06-854 (Washington, D.C.: July 28,
2006).

Information on Immigration Enforcement and Supervisory Promotions in the
Department of Homeland Security's Immigration and Customs Enforcement and
Customs and Border Protection, [111]GAO-06-751R (Washington, D.C.: June
13, 2006).

Homeland Security: Visitor and Immigrant Status Program Operating, but
Management Improvements Are Still Needed, [112]GAO-06-318T (Washington,
D.C.: Jan. 25, 2006).

Department of Homeland Security: Strategic Management of Training
Important for Successful Transformation, [113]GAO-05-888 (Washington,
D.C.: Sept. 23, 2005).

Acquisition Management

Interagency Contracting: Improved Guidance, Planning, and Oversight Would
Enable the Department of Homeland Security to Address Risks,
[114]GAO-06-996 (Washington, D.C.: Sept. 27, 2006).

Homeland Security: Challenges in Creating an Effective Acquisition
Organization, [115]GAO-06-1012T (Washington, D.C.: July 27, 2006).

Homeland Security: Successes and Challenges in DHS's Efforts to Create an
Effective Acquisition Organization, [116]GAO-05-179 (Washington, D.C.:
March 29, 2005).

Homeland Security: Further Action Needed to Promote Successful Use of
Special DHS Acquisition Authority, [117]GAO-05-136 (Washington, D.C.: Dec.
15, 2004).

Transportation Security

Aviation Security: Federal Efforts to Secure U.S.-Bound Air Cargo Are in
the Early Stages and Could Be Strengthened, [118]GAO-07-660 (Washington,
D.C.: April 30, 2007).

Aviation Security: TSA's Change to its Prohibited Items List Has Not
Resulted in Any Reported Public Safety Incidents, but the Impact of the
Change on Screening Operations is Inconclusive,  [119]GAO-07-623R .
(Washington, D.C.: April 25, 2007).

Aviation Security: Risk, Experience, and Customer Service Drive Changes to
Airline Passenger Screening Procedures, but Evaluation and Documentation
of Proposed Changes Could Be Improved, [120]GAO-07-634 (Washington, D.C.:
April 16, 2007).

Aviation Security: TSA's Staffing Allocation Model Is Useful for
Allocating Staff among Airports, but Its Assumptions Should Be
Systematically Reassessed, [121]GAO-07-299 (Washington, D.C.: Feb. 28,
2007).

Aviation Security: Progress Made in Systematic Planning to Guide Key
Investment Decisions, but More Work Remains, [122]GAO-07-448T ,
(Washington, D.C.: Feb. 13, 2007).

Transportation Security Administration: Oversight of Explosive Detection
Systems Maintenance Contracts Can Be Strengthened, [123]GAO-06-795
(Washington, D.C.: July 31, 2006).

Aviation Security: TSA Oversight of Checked Baggage Screening Procedures
Could Be Strengthened, [124]GAO-06-869 (Washington, D.C.: July 28, 2006).

Rail Transit: Additional Federal Leadership Would Enhance FTA's State
Safety Oversight Program, [125]GAO-06-821 (Washington, D.C.: July 26,
2006).

Aviation Security: Management Challenges Remain for the Transportation
Security Administration's Secure Flight Program, [126]GAO-06-864T
(Washington, D.C.: June 14, 2006).

Aviation Security: Enhancements Made in Passenger and Checked Baggage
Screening, but Challenges Remain, [127] GAO-06-371T (Washington, D.C.:
April 4, 2006).

Aviation Security: Progress Made to Set Up Program Using Private-Sector
Airport Screeners, but More Work Remains, [128]GAO-06-166 (Washington,
D.C.: March 31, 2006).

Aviation Security: Significant Management Challenges May Adversely Affect
Implementation of the Transportation Security Administration's Secure
Flight Program, [129]GAO-06-374T (Washington, D.C.: Feb. 9, 2006).

Aviation Security: Federal Air Marshal Service Could Benefit from Improved
Planning and Controls, [130]GAO-06-203 (Washington, D.C.: Nov. 28, 2005).

Aviation Security: Federal Action Needed to Strengthen Domestic Air Cargo
Security, [131]GAO-06-76 (Washington, D.C.: Oct. 17, 2005.)

Passenger Rail Security: Enhanced Federal Leadership Needed to Prioritize
and Guide Security Efforts, [132]GAO-05-851 (Washington, D.C.: Sept. 9,
2005).

Aviation Security: Flight and Cabin Crew Member Security Training
Strengthened, but Better Planning and Internal Controls Needed,
[133]GAO-05-781 (Washington, D.C.: Sept. 6. 2005).

Aviation Safety: Oversight of Foreign Code-Share Safety Program Should Be
Strengthened, [134]GAO-05-930 (Washington, D.C.: Aug. 5, 2005).

Homeland Security: Agency Resources Address Violations of Restricted
Airspace, but Management Improvements Are Needed, [135]GAO-05-928T
(Washington, D.C.: July 21, 2005).

Aviation Security: Secure Flight Development and Testing Under Way, but
Risks Should Be Managed as System Is Further Developed, [136]GAO-05-356
(Washington, D.C.: March 28, 2005).

Aviation Security: Systematic Planning Needed to Optimize the Deployment
of Checked Baggage Screening Systems, [137]GAO-05-365 (Washington, D.C.:
March 15, 2005).

Coast Guard Acquisitions and Non-Homeland Security Missions

Coast Guard: Observations on the Fiscal Year 2008 Budget, Performance,
Reorganization, and Related Challenges: [138]GAO-07-489T (Washington,
D.C.: April 18, 2007).

Coast Guard: Status of Efforts to Improve Deepwater Program Management and
Address Operational Challenges, [139]GAO-07-575T (Washington, D.C.: March
8, 2007).

Coast Guard: Preliminary Observations on Deepwater Program Assets and
Management Challenges, [140]GAO-07-446T (Washington, D.C.: Feb. 15, 2007).

Coast Guard: Efforts to Improve Management and Address Operational
Challenges in the Deepwater Program, [141]GAO-07-460T (Washington, D.C.:
Feb. 14, 2007).

Homeland Security: Observations on the Department of Homeland Security's
Acquisition Organization and on the Coast Guard's Deepwater Program,
[142]GAO-07-453T (Washington, D.C.: Feb. 8, 2007).

United States Coast Guard: Improvements Needed in Management and Oversight
of Rescue System Acquisition, [143]GAO-06-623 (Washington, D.C.: May 31,
2006).

Coast Guard: Changes to Deepwater Plan Appear Sound, and Program
Management Has Improved, but Continued Monitoring is Warranted,
[144]GAO-06-546 (Washington, D.C.: April 28, 2006).

Risk Management: Further Refinements Needed to Assess Risks and Prioritize
Protective Measures at Ports and Other Critical Infrastructure,
[145]GAO-06-91 (Washington, D.C.: Dec. 15, 2005.)

Maritime Security: Enhancements Made, but Implementation and
Sustainability Remain Key Challenges, [146]GAO-05-448T (Washington, D.C.:
May 17, 2005).

Cargo Security: Partnership Program Grants Importers Reduced Scrutiny with
Limited Assurance of Improved Security, [147]GA0-05-404 (Washington, D.C.:
March 11, 2005).

Coast Guard: Station Readiness Improving, but Resource Challenges and
Management Concerns Remain, [148]GAO-05-161 (Washington, D.C.: Jan. 31,
2005).

Contract Management: Coast Guard's Deepwater Program Needs Increased
Attention to Management and Contractor Oversight, [149]GAO-04-380
(Washington, D.C.: March 9, 2004).

Border Security and the Regulation of Trade

Border Security: US-VISIT Program Faces Strategic, Operational, and
Technological Challenges at Land Ports of Entry, [150]GAO-07-248
(Washington, D.C.: Dec. 6, 2006).

Border Security: Stronger Actions Needed to Assess and Mitigate Risks of
the Visa Waiver Program, [151]GAO-06-854 (Washington, D.C.: July 28,
2006).

Information Technology: Customs Has Made Progress on Automated Commercial
Environment System, but It Faces Long-Standing Management Challenges and
New Risks, [152]GAO-06-580 (Washington, D.C.: May 31, 2006).

Border Security: Key Unresolved Issues Justify Reevaluation of Border
Surveillance Technology Program, [153]GAO-06-295 (Washington, D.C.: Feb.
22, 2006).

Homeland Security: Recommendations to Improve Management of Key Border
Security Program Need to Be Implemented, [154] GAO-06-296 (Washington,
D.C.: Feb. 14, 2006).

Border Security: Strengthened Visa Process Would Benefit from Improvements
in Staffing and Information Sharing, [155]GAO-05-859 (Washington, D.C.:
Sept. 13, 2005).

Border Security: Opportunities to Increase Coordination of Air and Marine
Assets, [156]GAO-05-543 (Washington, D.C.: Aug. 12, 2005).

Border Security: Actions Needed to Strengthen Management of Department of
Homeland Security's Visa Security Program, [157]GAO-05-801 (Washington,
D.C.: July 29, 2005).

Border Patrol: Available Data on Interior Checkpoints Suggest Differences
in Sector Performance, [158]GAO-05-435 (Washington, D.C.: July 22, 2005).

Enforcement of Immigration Laws

Immigration Enforcement: Weaknesses Hinder Employment Verification and
Worksite Enforcement Efforts, [159]GAO-06-895T (Washington, D.C.: June 19,
2006).

Information on Immigration Enforcement and Supervisory Promotions in the
Department of Homeland Security's Immigration and Customs Enforcement and
Customs and Border Protection, [160]GAO-06-751R (Washington, D.C.: June
13, 2006).

Homeland Security: Contract Management and Oversight for Visitor and
Immigrant Status Program Need to Be Strengthened, [161]GAO-06-404
(Washington, D.C.: June 9, 2006).

Homeland Security: Better Management Practices Could Enhance DHS's Ability
to Allocate Investigative Resources, [162]GAO-06-462T (Washington, D.C.:
March 28, 2006).

Immigration Enforcement: Weaknesses Hinder Employment Verification and
Worksite Enforcement Efforts, [163]GAO-05-813 (Washington, D.C.: Aug. 31,
2005).

Provision of Immigration Services

Immigration Benefits: Additional Efforts Needed to Help Ensure Alien Files
Are Located when Needed, [164]GAO-07-85 (Washington, D.C.: Oct. 27, 2006).

Immigration Benefits: Additional Controls and a Sanctions Strategy Could
Enhance DHS's Ability to Control Benefit Fraud, [165]GAO-06-259
(Washington, D.C.: March 10, 2006).

Immigration Benefits: Improvements Needed to Address Backlogs and Ensure
Quality of Adjudications, [166]GAO-06-20 (Washington, D.C.: Nov. 21,
2005).

Immigration Services: Better Contracting Practices Needed at Call Centers,
[167]GAO-05-526 (Washington, D.C.: June 30, 2005.)

Disaster Preparedness and Response

Catastrophic Disasters: Enhanced Leadership, Capabilities, and
Accountability Controls Will Improve the Effectiveness of the Nation's
Preparedness, Response, and Recovery System, [168]GAO-06-618 (Washington,
D.C.: Sept. 6, 2006).

Disaster Relief: Governmentwide Framework Needed to Collect and
Consolidate Information to Report on Billions in Federal Funding for the
2005 Gulf Coast Hurricanes, [169]GAO-06-834 (Washington, D.C.: Sept. 6,
2006).

Disaster Preparedness: Limitations in Federal Evacuation Assistance for
Health Facilities Should be Addressed, [170]GAO-06-826 (Washington, D.C.:
July 20, 2006).

Expedited Assistance for Victims of Hurricanes Katrina and Rita: FEMA's
Control Weaknesses Exposed the Government to Significant Fraud and Abuse,
[171]GAO-06-655 (Washington, D.C.: June 16, 2006).

Hurricane Katrina: Comprehensive Policies and Procedures Are Needed to
Ensure Appropriate Use of and Accountability for International Assistance,
[172]GAO-06-460 (Washington, D.C.: April 6, 2006).

Continuity of Operations: Agency Plans Have Improved, but Better Oversight
Could Assist Agencies in Preparing for Emergencies, [173]GAO-05-577
(Washington, D.C.: April 28, 2005).

This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed in
its entirety without further permission from GAO. However, because this
work may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this material
separately.

GAO's Mission

The Government Accountability Office, the audit, evaluation, and
investigative arm of Congress, exists to support Congress in meeting its
constitutional responsibilities and to help improve the performance and
accountability of the federal government for the American people. GAO
examines the use of public funds; evaluates federal programs and policies;
and provides analyses, recommendations, and other assistance to help
Congress make informed oversight, policy, and funding decisions. GAO's
commitment to good government is reflected in its core values of
accountability, integrity, and reliability.

Obtaining Copies of GAO Reports and Testimony

The fastest and easiest way to obtain copies of GAO documents at no cost
is through GAO's Web site ( www.gao.gov ). Each weekday, GAO posts
newly released reports, testimony, and correspondence on its Web site. To
have GAO e-mail you a list of newly posted products every afternoon, go to
www.gao.gov and select "Subscribe to Updates."

Order by Mail or Phone

The first copy of each printed report is free. Additional copies are $2
each. A check or money order should be made out to the Superintendent of
Documents. GAO also accepts VISA and Mastercard. Orders for 100 or more
copies mailed to a single address are discounted 25 percent. Orders should
be sent to:

U.S. Government Accountability Office 441 G Street NW, Room LM Washington,
D.C. 20548

To order by Phone: Voice: (202) 512-6000
TDD: (202) 512-2537
Fax: (202) 512-6061

To Report Fraud, Waste, and Abuse in Federal Programs

Contact:

Web site: www.gao.gov/fraudnet/fraudnet.htm
E-mail: [email protected]
Automated answering system: (800) 424-5454 or (202) 512-7470

Congressional Relations

Gloria Jarmon, Managing Director, [email protected] (202) 512-4400 U.S.
Government Accountability Office, 441 G Street NW, Room 7125 Washington,
D.C. 20548

Public Affairs

Paul Anderson, Managing Director, [email protected] (202) 512-4800
U.S. Government Accountability Office, 441 G Street NW, Room 7149
Washington, D.C. 20548

www.gao.gov/cgi-bin/getrpt?GAO-07-833T .

To view the full product, including the scope and methodology, click on
the link above. For more information, contact Norman Rabkin at (202)
512-8777 or [email protected] or Bernice Steinhardt, at 202-512-6806 or
[email protected]

Highlights of [183]GAO-07-833T , a testimony before the Subcommittee on
Oversight of Government Management, the Federal Workforce, and the
District of Columbia, Committee on Homeland Security and Government al
Affairs, U.S. Senate

May 10,2007

HOMELAND SECURITY

Management and Programmatic Challenges Facing the Department of Homeland
Security

The Department of Homeland Security (DHS) plays a key role in leading and
coordinating--with stakeholders in the federal, state, local, and private
sectors--the nation's homeland security efforts. GAO has conducted
numerous reviews of DHS management functions as well as programs including
transportation and border security, immigration enforcement and service
delivery, and disaster preparation and response. This testimony addresses:

           o why GAO designated DHS's implementation and transformation as a
           high-risk area,
           o specific management challenges that DHS continues to face,
           o examples of the program challenges that DHS faces, and
           o actions DHS should take to strengthen its implementation and
           transformation efforts.

[184]What GAO Recommends

While this testimony contains no new recommendations, GAO has made
numerous prior recommendations to DHS in reports addressing the issues
identified in this statement. DHS generally concurred with these
recommendations; however it is not clear to what extent these
recommendations are being implemented.

GAO designated implementing and transforming DHS as high risk in 2003
because DHS had to transform and integrate 22 agencies--several with
existing program and management challenges--into one department, and
failure to effectively address its challenges could have serious
consequences for our homeland security. Despite some progress, this
transformation remains high risk.

Managing the transformation of an organization of the size and complexity
of DHS requires comprehensive planning and integration of key management
functions that will likely span a number of years. DHS has made some
progress in these areas, but much additional work is required to help
ensure sustainable success. DHS has also issued guidance and plans to
assist management integration on a function by function basis, but lacks a
comprehensive integration strategy with overall goals, a timeline,
appropriate responsibility and accountability determinations, and a
dedicated team to support its efforts. The latest independent audit of
DHS's financial statements showed that its financial management systems
still do not conform to federal requirements. DHS has also not
institutionalized an effective strategic framework for information
management, and its human capital and acquisition systems require further
attention to ensure that DHS allocates resources economically,
effectively, ethically, and equitably.

Since GAO's 2007 high-risk update, DHS has continued to strengthen program
activities but still faces a range of programmatic and partnering
challenges. To help ensure its missions are achieved, DHS must overcome
continued challenges related to such issues as cargo, transportation, and
border security; systematic visitor tracking; efforts to combat the
employment of illegal aliens; and outdated Coast Guard asset capabilities.
Further, DHS and the Federal Emergency Management Agency need to continue
to develop clearly defined leadership roles and responsibilities;
necessary disaster response capabilities; accountability systems to
provide effective services while protecting against waste, fraud, and
abuse; and the ability to conduct advance contracting for emergency
response goods, supplies, and services.

DHS has not produced a final corrective action plan specifying how it will
address its many management challenges. Such a plan should define the root
causes of known problems, identify effective solutions, have management
support, and provide for substantially completing corrective measures in
the near term. It should also include performance metrics and milestones,
as well as mechanisms to monitor progress. It will also be important for
DHS to become more transparent and minimize recurring delays in providing
access to information on its programs and operations so that Congress,
GAO, and others can independently assess its efforts. DHS may require a
chief management official, with sufficient authority, dedicated to the
overall transformation process to help ensure sustainable success over
time.

References

Visible links
  37. http://www.gao.gov/cgi-bin/getrpt?GAO-01-159SP
  38. http://www.gao.gov/cgi-bin/getrpt?GAO-03-293SPEUR
  39. http://www.gao.gov/cgi-bin/getrpt?GAO-07-235R
  40. http://www.gao.gov/cgi-bin/getrpt?GAO-05-300
  41. http://www.gao.gov/cgi-bin/getrpt?GAO-06-462T
  42. http://www.gao.gov/cgi-bin/getrpt?GAO-05-435
  43. http://www.gao.gov/cgi-bin/getrpt?GAO-06-374T
  44. http://www.gao.gov/cgi-bin/getrpt?GAO-05-448TEUR
  45. http://www.gao.gov/cgi-bin/getrpt?GAO-06-462T
  46. http://www.gao.gov/cgi-bin/getrpt?GAO-06-899T
  47. http://www.gao.gov/cgi-bin/getrpt?GAO-04-774
  48. http://www.gao.gov/cgi-bin/getrpt?GAO-06-598T
  49. http://www.gao.gov/cgi-bin/getrpt?GAO-07-564
  50. http://www.gao.gov/cgi-bin/getrpt?GAO-07-424
  51. http://www.gao.gov/cgi-bin/getrpt?GAO-05-888
  52. http://www.gao.gov/cgi-bin/getrpt?GAO-06-751R
  53. http://www.gao.gov/cgi-bin/getrpt?GAO-06-318T
  54. http://www.gao.gov/cgi-bin/getrpt?GAO-06-854
  55. http://www.gao.gov/cgi-bin/getrpt?GAO-05-573T
  56. http://www.gao.gov/cgi-bin/getrpt?GAO-05-179
  57. http://www.gao.gov/cgi-bin/getrpt?GAO-06-1012T
  58. http://www.gao.gov/new.items/d06996.pdf
  59. http://www.gao.gov/cgi-bin/getrpt?GAO-05-781
  60. http://www.gao.gov/cgi-bin/getrpt?GAO-06-76
  61. http://www.gao.gov/cgi-bin/getrpt?GAO-06-821
  62. http://www.gao.gov/cgi-bin/getrpt?GAO-06-869
  63. http://www.gao.gov/cgi-bin/getrpt?GAO-06-869
  64. http://www.gao.gov/cgi-bin/getrpt?GAO-06-76
  65. http://www.gao.gov/cgi-bin/getrpt?GAO-06-371T
  66. http://www.gao.gov/new.items/d07660.pdf
  67. http://www.gao.gov/cgi-bin/getrpt?GAO-06-864T
  68. http://www.gao.gov/cgi-bin/getrpt?GAO-04-480
  69. http://www.gao.gov/cgi-bin/getrpt?GAO-06-546
  70. http://www.gao.gov/cgi-bin/getrpt?GAO-07-248
  71. http://www.gao.gov/cgi-bin/getrpt?GAO-06-854
  72. http://www.gao.gov/cgi-bin/getrpt?GAO-06-295
  73. http://www.gao.gov/cgi-bin/getrpt?GAO-06-580
  74. http://www.gao.gov/cgi-bin/getrpt?GAO-06-296
  75. http://www.gao.gov/cgi-bin/getrpt?GAO-06-751R
  76. http://www.gao.gov/cgi-bin/getrpt?GAO-06-895T
  77. http://www.gao.gov/cgi-bin/getrpt?GAO-06-462T
  78. http://www.gao.gov/cgi-bin/getrpt?GAO-07-85
  79. http://www.gao.gov/cgi-bin/getrpt?GAO-06-259
  80. http://www.gao.gov/cgi-bin/getrpt?GAO-06-20
  81. http://www.gao.gov/cgi-bin/getrpt?GAO-06-618
  82. http://www.gao.gov/cgi-bin/getrpt?GAO-06-618
  85. http://www.gao.gov/cgi-bin/getrpt?GAO-07-310
  86. http://www.gao.gov/cgi-bin/getrpt?GAO-07-235R
  87. http://www.gao.gov/cgi-bin/getrpt?GAO-06-899T
  88. http://www.gao.gov/cgi-bin/getrpt?GAO-06-612
  89. http://www.gao.gov/cgi-bin/getrpt?GAO-06-206
  90. http://www.gao.gov/cgi-bin/getrpt?GAO-05-434
  91. http://www.gao.gov/cgi-bin/getrpt?GAO-05-573T
  92. http://www.gao.gov/cgi-bin/getrpt?GAO-05-300
  93. http://www.gao.gov/cgi-bin/getrpt?GAO-05-139
  94. http://www.gao.gov/cgi-bin/getrpt?GAO-05-49
  95. http://www.gao.gov/cgi-bin/getrpt?GAO-03-293SP
  96. http://www.gao.gov/cgi-bin/getrpt?GAO-01-159SP
  97. http://www.gao.gov/cgi-bin/getrpt?GAO-06-553T
  98. http://www.gao.gov/cgi-bin/getrpt?GAO-04-774
  99. http://www.gao.gov/cgi-bin/getrpt?GAO-07-564
 100. http://www.gao.gov/cgi-bin/getrpt?GAO-07-424
 101. http://www.gao.gov/cgi-bin/getrpt?GAO-06-580
 102. http://www.gao.gov/cgi-bin/getrpt?GAO-06-383
 103. http://www.gao.gov/cgi-bin/getrpt?GAO-06-598T
 104. http://www.gao.gov/cgi-bin/getrpt?GAO-05-805
 105. http://www.gao.gov/cgi-bin/getrpt?GAO-05-700
 106. http://www.gao.gov/cgi-bin/getrpt?GAO-05-308
 107. http://www.gao.gov/cgi-bin/getrpt?GAO-05-267
 108. http://www.gao.gov/cgi-bin/getrpt?GAO-04-702
 109. http://www.gao.gov/cgi-bin/getrpt?GAO-07-139
 110. http://www.gao.gov/cgi-bin/getrpt?GAO-06-854
 111. http://www.gao.gov/cgi-bin/getrpt?GAO-06-751R
 112. http://www.gao.gov/cgi-bin/getrpt?GAO-06-318T
 113. http://www.gao.gov/cgi-bin/getrpt?GAO-05-888
 114. http://www.gao.gov/new.items/d06996.pdf
 115. http://www.gao.gov/cgi-bin/getrpt?GAO-06-1012T
 116. http://www.gao.gov/cgi-bin/getrpt?GAO-05-179
 117. http://www.gao.gov/cgi-bin/getrpt?GAO-05-136
 118. http://www.gao.gov/cgi-bin/getrpt?GAO-07-660
 119. http://www.gao.gov/new.items/d07623r.pdf
 120. http://www.gao.gov/cgi-bin/getrpt?GAO-07-634
 121. http://www.gao.gov/cgi-bin/getrpt?GAO-07-299
 122. http://www.gao.gov/cgi-bin/getrpt?GAO-07-448T
 123. http://www.gao.gov/cgi-bin/getrpt?GAO-06-795
 124. http://www.gao.gov/cgi-bin/getrpt?GAO-06-869
 125. http://www.gao.gov/cgi-bin/getrpt?GAO-06-821
 126. http://www.gao.gov/cgi-bin/getrpt?GAO-06-864T
 127. http://www.gao.gov/cgi-bin/getrpt?GAO-06-371T
 128. http://www.gao.gov/cgi-bin/getrpt?GAO-06-166
 129. http://www.gao.gov/cgi-bin/getrpt?GAO-06-374T
 130. http://www.gao.gov/cgi-bin/getrpt?GAO-06-203
 131. http://www.gao.gov/cgi-bin/getrpt?GAO-06-76
 132. http://www.gao.gov/cgi-bin/getrpt?GAO-05-851
 133. http://www.gao.gov/cgi-bin/getrpt?GAO-05-781
 134. http://www.gao.gov/cgi-bin/getrpt?GAO-05-930
 135. http://www.gao.gov/cgi-bin/getrpt?GAO-05-928T
 136. http://www.gao.gov/cgi-bin/getrpt?GAO-05-356
 137. http://www.gao.gov/cgi-bin/getrpt?GAO-05-365
 138. http://www.gao.gov/cgi-bin/getrpt?GAO-07-489T
 139. http://www.gao.gov/cgi-bin/getrpt?GAO-07-575T
 140. http://www.gao.gov/cgi-bin/getrpt?GAO-07-446T
 141. http://www.gao.gov/cgi-bin/getrpt?GAO-07-460T
 142. http://www.gao.gov/cgi-bin/getrpt?GAO-07-453T
 143. http://www.gao.gov/cgi-bin/getrpt?GAO-06-623
 144. http://www.gao.gov/cgi-bin/getrpt?GAO-06-546
 145. http://www.gao.gov/cgi-bin/getrpt?GAO-06-91
 146. http://www.gao.gov/cgi-bin/getrpt?GAO-05-448T
 147. http://www.gao.gov/cgi-bin/getrpt?GAO-05-404
 148. http://www.gao.gov/cgi-bin/getrpt?GAO-06-161
 149. http://www.gao.gov/cgi-bin/getrpt?GAO-04-480
 150. http://www.gao.gov/cgi-bin/getrpt?GAO-07-248
 151. http://www.gao.gov/cgi-bin/getrpt?GAO-06-854
 152. http://www.gao.gov/cgi-bin/getrpt?GAO-06-580
 153. http://www.gao.gov/cgi-bin/getrpt?GAO-06-295
 154. http://www.gao.gov/cgi-bin/getrpt?GAO-06-296
 155. http://www.gao.gov/cgi-bin/getrpt?GAO-05-859
 156. http://www.gao.gov/cgi-bin/getrpt?GAO-05-543
 157. http://www.gao.gov/cgi-bin/getrpt?GAO-05-801
 158. http://www.gao.gov/cgi-bin/getrpt?GAO-05-435
 159. http://www.gao.gov/cgi-bin/getrpt?GAO-06-895T
 160. http://www.gao.gov/cgi-bin/getrpt?GAO-06-751R
 161. http://www.gao.gov/cgi-bin/getrpt?GAO-06-404
 162. http://www.gao.gov/cgi-bin/getrpt?GAO-06-462T
 163. http://www.gao.gov/cgi-bin/getrpt?GAO-05-813
 164. http://www.gao.gov/cgi-bin/getrpt?GAO-07-85
 165. http://www.gao.gov/cgi-bin/getrpt?GAO-06-259
 166. http://www.gao.gov/cgi-bin/getrpt?GAO-06-20
 167. http://www.gao.gov/cgi-bin/getrpt?GAO-05-526
 168. http://www.gao.gov/cgi-bin/getrpt?GAO-06-618
 169. http://www.gao.gov/cgi-bin/getrpt?GAO-06-834
 170. http://www.gao.gov/cgi-bin/getrpt?GAO-06-826
 171. http://www.gao.gov/cgi-bin/getrpt?GAO-06-655
 172. http://www.gao.gov/cgi-bin/getrpt?GAO-06-460
 173. http://www.gao.gov/cgi-bin/getrpt?GAO-05-577
 183. http://www.gao.gov/cgi-bin/getrpt?GAO-07-452T
*** End of document. ***