Department of Homeland Security: Improved Assessment and	 
Oversight Needed to Manage Risk of Contracting for Selected	 
Services (17-SEP-07, GAO-07-990).				 
                                                                 
In fiscal year 2005, the Department of Homeland Security (DHS)	 
obligated $1.2 billion to procure four types of professional and 
management support services--program management and support,	 
engineering and technical, other professional, and other	 
management support. While contracting for such services can help 
DHS meet its needs, there is risk associated with contractors	 
closely supporting inherently governmental functions--functions  
that should be performed only by government employees. This	 
report (1) describes the contracted services, (2) identifies	 
potential risk and the extent to which DHS considered risk when  
deciding to contract for these services, and (3) assesses DHS's  
approach to managing and overseeing these services. GAO analyzed 
117 judgmentally selected statements of work and 9 cases in	 
detail for contracts awarded in fiscal year 2005 by the Coast	 
Guard, the Office of Procurement Operations (OPO), and the	 
Transportation Security Administration (TSA).			 
-------------------------Indexing Terms------------------------- 
REPORTNUM:   GAO-07-990 					        
    ACCNO:   A76408						        
  TITLE:     Department of Homeland Security: Improved Assessment and 
Oversight Needed to Manage Risk of Contracting for Selected	 
Services							 
     DATE:   09/17/2007 
  SUBJECT:   Accountability					 
	     Contract administration				 
	     Contract oversight 				 
	     Contract performance				 
	     Federal procurement				 
	     Federal procurement policy 			 
	     Government contracts				 
	     Homeland security					 
	     Procurement planning				 
	     Procurement policy 				 
	     Procurement practices				 
	     Program management 				 
	     Risk management					 
	     Service contracts					 
	     Strategic planning 				 
	     Government agency oversight			 

******************************************************************
** This file contains an ASCII representation of the text of a  **
** GAO Product.                                                 **
**                                                              **
** No attempt has been made to display graphic images, although **
** figure captions are reproduced.  Tables are included, but    **
** may not resemble those in the printed version.               **
**                                                              **
** Please see the PDF (Portable Document Format) file, when     **
** available, for a complete electronic file of the printed     **
** document's contents.                                         **
**                                                              **
******************************************************************
GAO-07-990

   

     * [1]Results in Brief
     * [2]Background
     * [3]DHS Contracts for Selected Services Covered a Range of Activ
     * [4]DHS Did Not Consider Risk when Deciding to Contract for Sele

          * [5]DHS Contracting Decisions Were Largely Driven by a Lack of S
          * [6]Selected Cases May Have Been at Risk of Contractors Influenc

               * [7]Contractor Services Integral to DHS's Mission and
                 Comparable
               * [8]Ongoing Contractor Support
               * [9]Broadly Defined Requirements

          * [10]Officials Generally Did Not Address Risk when Contracting fo

     * [11]Management of Contracts for Selected Services May Not Have B

          * [12]Officials Did Not Provide Required Oversight of Contracts fo
          * [13]Control and Accountability Were Limited
          * [14]DHS Is Implementing Oversight Initiatives

     * [15]Conclusions
     * [16]Recommendations for Executive Action
     * [17]Agency Comments and Our Evaluation

          * [18]Selection of Services and Contracts

     * [19]GAO's Mission
     * [20]Obtaining Copies of GAO Reports and Testimony

          * [21]Order by Mail or Phone

     * [22]To Report Fraud, Waste, and Abuse in Federal Programs
     * [23]Congressional Relations
     * [24]Public Affairs
     * [25]wordcover08-07-990.pdf

          * [26]Report to Congressional Requesters

               * [27]September 2007

          * [28]DEPARTMENT OF HOMELAND SECURITY

               * [29]Improved Assessment and Oversight Needed to Manage Risk
                 of Contracting for Selected Services

Contents

Letter 1

Results in Brief 3
Background 5
DHS Contracts for Selected Services Covered a Range of Activities Closely
Supporting Inherently Governmental Functions 9
DHS Did Not Consider Risk when Deciding to Contract for Selected Services
13
Management of Contracts for Selected Services May Not Have Been Sufficient
to Mitigate Risk 21
Conclusions 25
Recommendations for Executive Action 25
Agency Comments and Our Evaluation 26
Appendix I Scope and Methodology 29
Appendix II Examples of Inherently Governmental and Approaching Inherently
Governmental Functions 33
Appendix III Department of Homeland Security Inspector General Oversight
35
Appendix IV Comments from the Department of Homeland Security 37

Tables

Table 1: Range of Contracted Services and Related Risk Level 7
Table 2: Examples of Limited Control over and Accountability for Contracts
for Selected Services 23
Table 3: Requested Fiscal Year 2005 Contract Statements of Work 31
Table 4: Fiscal Year 2005 Contracts Reviewed 32
Table 5: Examples of Inherently Governmental Functions 33
Table 6: Examples of Services That May Approach Being Inherently
Governmental Functions 34

Figures

Figure 1: DHS Contracting in Fiscal Year 2005 5
Figure 2: Coast Guard, OPO, and TSA Contracting for Selected Professional
and Management Support Services in Fiscal Year 2005 10
Figure 3: Professional and Management Support Services Closely Supporting
Inherently Governmental Functions in Nine Cases Reviewed 13
Figure 4: Inspector General Coverage of DHS Offices and Management
Challenges 36

Abbreviations

COTR Contracting Officer's Technical Representative
DHS Department of Homeland Security
DOD Department of Defense
DOE Department of Energy
FAR Federal Acquisition Regulation
FEMA Federal Emergency Management Agency
FPDS-NG Federal Procurement Data System-Next Generation
OFPP Office of Federal Procurement Policy
OMB Office of Management and Budget
OPO Office of Procurement Operations
TSA Transportation Security Administration

This is a work of the U.S. government and is not subject to copyright
protection in the United States. The published product may be reproduced
and distributed in its entirety without further permission from GAO.
However, because this work may contain copyrighted images or other
material, permission from the copyright holder may be necessary if you
wish to reproduce this material separately.

United States Government Accountability Office
Washington, DC 20548

September 17, 2007

The Honorable Joseph I. Lieberman
Chairman
The Honorable Susan M. Collins
Ranking Member
Committee on Homeland Security and Governmental Affairs
United States Senate

The Honorable Daniel K. Akaka
Chairman
The Honorable George V. Voinovich
Ranking Member
Subcommittee on Oversight of Government Management, the Federal
  Workforce, and the District of Columbia
Committee on Homeland Security and Governmental Affairs
United States Senate

The Honorable Bennie G. Thompson
Chairman
Committee on Homeland Security
House of Representatives

In fiscal year 2006, the Department of Homeland Security (DHS) obligated
$15.7 billion for the procurement of goods and services,1 making it the
third largest department in terms of procurement spending in the federal
government. Of this amount, DHS obligated over $5 billion on contracts for
services categorized as professional and management support, such as
strategic planning, human resources development, and acquisition support.

While there are benefits to using contractors to perform services for the
government--such as increased flexibility in fulfilling immediate
needs--GAO and others have raised concerns about the federal government's
increasing reliance on contractor services. Of key concern is the risk
associated with contractors providing services that closely support
inherently governmental functions: the loss of government control over and
accountability for mission-related policy and program decisions. Federal
guidance requires agencies to assess this risk and provide oversight
accordingly.

^1This amount includes procurement obligations as reported by DHS in the
Federal Procurement Data System-Next Generation, the governmentwide
database for federal procurement spending. This system does not include
all actions, such as those under interagency agreements.

Given the dollars obligated for professional and management support
services contracts and the associated risk, you asked us to review DHS's
use of contracts for services that closely support inherently governmental
functions. Specifically, you asked us to (1) describe the types of
services DHS requested through these contracts, (2) identify potential
risk in these contracts and the extent to which DHS considered risk when
deciding to use these contracts, and (3) assess DHS's approach to managing
and overseeing contracts for these types of services.

To conduct our work, we reviewed applicable federal procurement policies
and data from the Federal Procurement Data System-Next Generation
(FPDS-NG) for fiscal year 2005, the most recent year for which complete
data were available at the time we began our review. To identify services
that closely support inherently governmental functions, we reviewed
federal acquisition guidance that describes these functions and FPDS-NG
service codes. We selected the four professional and management support
services for which DHS obligated the most dollars in fiscal year
2005--program management and support services, engineering and technical
services, other professional services, and other management support
services. Because FPDS-NG does not provide definitions for service codes,
to better understand the services provided, we judgmentally selected 125
contract statements of work for the four types of professional and
management support services. We selected contracts and orders2 awarded by
DHS components, excluding the Federal Emergency Management Agency (FEMA)3
that had obligated the most on these services at the time we began our
review--the Coast Guard, the Office of Procurement Operations (OPO), and
the Transportation Security Administration (TSA). From our selected
statements of work, we received and reviewed 117 statements and
judgmentally selected and conducted a more detailed review of 9 cases from
the three components. These cases totaled over $82.1 million, ranging in
value from $1.3 million to $42.4 million, and represented a variety of
services that closely support inherently governmental functions. For the 9
cases, we reviewed contract files and interviewed contracting officers,
program officials, and contractors. In addition, we interviewed staff from
the Office of Management and Budget's (OMB) Office of Federal Procurement
Policy (OFPP), the component heads of contracting activity at OPO and TSA,
and the Chief of the Office of Procurement Policy at the Coast Guard.
Appendix I provides more information on our scope and methodology. We
conducted our review between April 2006 and August 2007 in accordance with
generally accepted government auditing standards.

^2Order refers to a task order for services placed against an established
contract.

^3FEMA obligated the third highest amount for the selected services in
fiscal year 2005. We excluded FEMA from our sample because of atypical
fiscal year 2005 spending on hurricane relief efforts.

Results in Brief

More than half of the 117 statements of work we reviewed provided for
reorganization and planning activities, policy development, and
acquisition support--services that closely support the performance of
inherently governmental functions. For example, contractors provided
reorganization and planning services for the Coast Guard's fleet
modernization effort--the Integrated Deepwater System. In another case,
contractors provided a range of professional services including strategic
planning and legislative support for TSA's Transportation Worker
Identification Credential Program. Employee relations, budget preparation,
and regulation development were also among the services provided at the
Coast Guard, OPO, and TSA.

Decisions to contract for professional and management support services
were driven by the need for staff and expertise to get programs and
operations up and running. However, for the nine cases we reviewed,
program officials did not assess the risk that government decisions may be
influenced by, rather than independent from, contractor judgments.
Long-standing federal procurement policy requires attention to this risk.
Each of the nine cases we reviewed included services that have the
potential to increase this risk. Specifically, the contracts included
services that directly supported DHS missions; in some cases, contractors
were performing on an ongoing basis work also performed by government
employees, such as intelligence analysis and strategic planning. And in
most cases, we found the original justification for contracting, such as
immediate need, had changed, but components continued to use contractors
without reassessing who--private companies or federal employees--should
perform a given function. In addition, six of the nine contracts lacked
detail or covered a wide range of services. These conditions need to be
carefully monitored to ensure the government does not lose control over
and accountability for mission-related decisions. DHS has not explored
ways to manage the risk of contracting for these services, such as through
total workforce deployment across the organization, which includes the
flexible use of the workforce to reduce skill gaps.

DHS management and oversight of contracts for selected services did not
provide assurance that DHS had adequately mitigated the related risk.
Federal acquisition policy requires enhanced oversight of contractors
providing professional and management support services that can affect
government decision making, support or influence policy development, or
affect program management. However, most contracting officers and program
officials we spoke with were unaware of this requirement and, in general,
did not see a need for enhanced oversight of their professional and
management support services contracts--even though they acknowledged these
contracts closely supported inherently governmental functions. According
to some officials, their contracting experience and training enabled them
to determine if enhanced oversight was needed. However, we found the level
of oversight provided did not always ensure accountability for decisions
or the ability to judge whether the contractor was performing as required.
In addition, training was not targeted to provide the necessary skills to
determine whether enhanced oversight was needed. Failure to ensure
appropriate oversight increases the potential for a loss of management
control and ability to ensure intended outcomes are achieved.

To improve DHS's ability to manage the risk of selected services that
closely support inherently governmental functions as well as government
control over and accountability for decisions, we are recommending that
the Secretary of Homeland Security take several actions. These actions
include establishing strategic-level guidance on and routinely assessing
the risk of using contractors for selected services, more clearly defining
contract requirements, and assessing the ability of the workforce to
provide sufficient oversight when using selected services. In written
comments on a draft of this report, DHS concurred with most of our
recommendations and provided information on what action would be taken to
address them. However, DHS partially concurred with our recommendation to
assess the risk of selected services as part of the acquisition planning
process and modify existing guidance and training, noting that its
acquisition planning guidance already provides for the assessment of risk.
However, our review found that this guidance does not address the specific
risk of services that closely support the performance of inherently
governmental functions. DHS also partially concurred with our
recommendation to review selected services contracts as part of the
acquisition oversight program, stating that instead, the Chief Procurement
Officer will direct a special investigation on selected issues as needed.
We did not intend for the formal oversight plan to be modified and leave
it to the discretion of the Chief Procurement Officer to determine how to
implement the recommendation. DHS's comments are reproduced in their
entirety in appendix IV.

Background

Governmentwide, spending on services contracts has grown substantially
over the past several years. At DHS, in fiscal year 2005 services
accounted for $7.9 billion, or 67 percent, of total procurement
obligations,4 with $1.2 billion obligated for four types of professional
and management support services: program management and support,
engineering and technical, other professional, and other management
support (see fig. 1). More than two-thirds of DHS's obligations for these
services ($805 million) were to support the Coast Guard, OPO, and TSA.

Figure 1: DHS Contracting in Fiscal Year 2005

^4In fiscal year 2006, obligations for services increased to 82 percent of
DHS's total procurement obligations, largely due to spending by FEMA for
Gulf Coast hurricane relief efforts.

The services federal agencies buy are organized under more than 300 codes
in FPDS-NG and range from basic services, such as custodial and
landscaping, to more complex professional and management support services,
which may closely support the performance of inherently governmental
functions. Inherently governmental functions require discretion in
applying government authority or value judgments in making decisions for
the government; as such, they should be performed by government employees,
not private contractors.5 The Federal Acquisition Regulation (FAR)
provides 20 examples of functions considered to be, or to be treated as,
inherently governmental, including

           o determining agency policy and priorities for budget requests,
           o directing and controlling intelligence operations,
           o approving contractual requirements, and
           o selecting individuals for government employment.

The closer contractor services come to supporting inherently governmental
functions, the greater the risk of their influencing the government's
control over and accountability for decisions that may be based, in part,
on contractor work. This may result in decisions that are not in the best
interest of the government, and may increase vulnerability to waste,
fraud, or abuse. The FAR provides 19 examples of services and actions that
may approach the category of inherently governmental because of the nature
of the function, the manner in which the contractor performs the
contracted services, or the manner in which the government administers
contractor performance.6 Table 1 provides examples of these services and
their relative risk of influencing government decision making.

^5Federal acquisition policy states that contracts shall not be used for
the performance of inherently governmental functions.

^6FAR section 7.503 includes examples of both inherently governmental
functions and services that may approach being inherently governmental.
See appendix II for a complete list of these services.

Table 1: Range of Contracted Services and Related Risk Level

Low risk level:
Basic services: 
* Custodial; 
* Food; 
* Landscaping; 
* Snow removal; 
* Storage; 
* Trash collection.

Medium risk level:
Professional and management support services that do not closely 
support inherently governmental functions: 
* Advertising; 
* Banking; 
* Parking; 
* Records maintenance. 

High risk level: 
Professional and management support services that closely support 
inherently governmental functions: 
* Acquisition support; 
* Budget preparation; 
* Developing or interpreting regulations; 
* Engineering and technical services; 
* Intelligence services; 
* Policy development; 
* Reorganization and planning. 

Source: GAO analysis of selected FPDS-NG and FAR subpart 7.5 categories of
services, and OFPP Policy Letter 93-1.

Note: Professional and management support services consists of 42 codes in
FPDS-NG.

FAR and OFPP guidance address contracting for services that closely
support the performance of inherently governmental functions, including
professional and management support services, due to their potential for
influencing the authority, accountability, and responsibilities of
government officials. In particular, the guidance states that services
that tend to affect government decision making, support or influence
policy development, or affect program management are susceptible to abuse
and require a greater level of scrutiny. Such services include advisory
and assistance, which includes expert advice, opinions, and other types of
consulting services. The guidance requires agencies to provide greater
scrutiny of these services and an enhanced degree of management oversight.
This would include assigning a sufficient number of qualified government
employees to provide oversight and to ensure that agency officials retain
control over and remain accountable for policy decisions that may be based
in part on a contractor's performance and work products.7

The potential for the loss of government management control associated
with contracting for services that closely support the performance of
inherently governmental functions or that should be performed by
government employees is a long-standing governmentwide concern. For
example, in 1981, GAO found that contractors' level of involvement in
management functions at the Departments of Energy (DOE) and Defense (DOD)
was so extensive that the agencies' ability to develop options other than
those proposed by the contractors was limited.8 A decade later, in 1991,
GAO reported that DOE had contracted extensively for support in planning,
managing, and carrying out its work because it lacked sufficient resources
to perform the work itself. 9 We noted that while support service
contracts are appropriate for fulfilling specialized needs or needs of a
short-term or intermittent nature, the contracts we reviewed at DOE were
not justified on these bases. In that same year, GAO reported that three
agencies--DOE, the Environmental Protection Agency, and the National
Aeronautics and Space Administration--may have relinquished government
control and relied on contractors to administer some functions that may
have been governmental in nature.10

^7FAR section 37.114, Special acquisition requirements; OFPP Policy Letter
93-1: Management Oversight of Service Contracting, Office of Federal
Procurement Policy, May 18, 1994.

More recently, government, industry, and academic participants in GAO's
2006 forum on federal acquisition challenges and opportunities11  and the
congressionally mandated Acquisition Advisory Panel12 noted how an
increasing reliance on contractors to perform services for core government
activities challenges the capacity of federal officials to supervise and
evaluate the performance of these activities. The panel also noted that
contracts for professional services are often performed with close contact
between the federal government and contractor employees, which approaches
the line between personal and nonpersonal services. Personal services are
prohibited by the FAR, unless specifically authorized, and are indicated
when the government exercises relatively continuous supervision and
control over the contractor. Both the panel and GAO acquisition forum
participants noted the large growth in contracting for complex and
sophisticated services has increased attention to the appropriate use of
contractors.

^8GAO, Civil Servants and Contract Employees: Who Should Do What for the
Federal Government? FPCD-81-43 (Washington, D.C.: June 19, 1981).

^9GAO, Energy Management: Using DOE Employees Can Reduce Costs for Some
Support Services, [30]GAO/RCED-91-186 (Washington, D.C.: Aug. 16, 1991).

^10GAO, Government Contractors: Are Service Contractors Performing
Inherently Governmental Functions? [31]GAO/GGD-92-11 (Washington, D.C.:
Nov. 18, 1991).

^11GAO, Highlights of a GAO Forum: Federal Acquisition Challenges and
Opportunities in the 21st Century, [32]GAO-07-45SP (Washington, D.C.: Oct.
6, 2006).

^12Report of the Acquisition Advisory Panel to the Office of Federal
Procurement Policy and the United States Congress, January 2007; see
Services Acquisition Reform Act of 2003, Pub. L. No. 108-136, Title XIV, S
1423.

DHS Contracts for Selected Services Covered a Range of Activities Closely
Supporting Inherently Governmental Functions

A broad range of activities related to specific programs and
administrative operations was performed under the professional and
management support services contracts we reviewed. In most cases, the
services provided--such as policy development, reorganization and planning
activities, and acquisition support--closely supported the performance of
inherently governmental functions. Contractor involvement in the nine
cases we reviewed in detail ranged from providing two to three
supplemental personnel to staffing an entire office.

Of the $805 million obligated by the Coast Guard, OPO, and TSA in fiscal
year 2005 to procure four types of professional and management support
services, more than one-half of the obligations was for engineering and
technical services--most of which was contracted by the Coast Guard and
OPO. Figure 2 provides a breakdown of contracting dollars for the four
selected professional and management support services by the three DHS
components.

Figure 2: Coast Guard, OPO, and TSA Contracting for Selected Professional
and Management Support Services in Fiscal Year 2005

Some of the 117 statements of work we reviewed were for services that did
not closely support inherently governmental functions. These included a
TSA contract for employee parking services at airports and a Coast Guard
contract to maintain historic human resource records and perform data
entry. However, most of the selected statements of work we reviewed did
request reorganization and planning activities, acquisition support, and
policy development--services that closely supported inherently
governmental functions.13 Of the 117 statements of work that we reviewed,
71 included a total of 122 services that fell into these three
categories--with reorganization and planning activities requested most
often. For example, the Coast Guard obligated $500,000 for a contractor to
provide services for the Nationwide Automatic Identification System to
identify and monitor vessels approaching or navigating in U.S. waters. The
services included advising and providing recommendations on strategies for
project planning, risk management, and measuring the performance and
progress of the system. Additionally, the tasks included assisting with
the development of earned value management reviews, life-cycle cost
estimates, and cost-benefit analyses. In another example, TSA obligated
$1.2 million to acquire contractor support for its Acquisition and Program
Management Support Division, which included assisting with the development
of acquisition plans and hands-on assistance to program offices to prepare
acquisition documents.

^13For the purposes of our review, acquisition support includes assisting
with acquisition planning, contract management, and developing contract
requirements such as statements of work.

Because contract statements of work can be broad, or contain requirements
that the contractor may not ultimately perform, we conducted a more
detailed review of nine cases to verify the work performed. In these nine
cases, we found that contractors provided a broad array of services to
sustain a range of programs and administrative operations, with the
categories of reorganization and planning, policy development, and
acquisition support requested most often. For example, $2.1 million in
orders supporting the Coast Guard's fleet modernization effort--the
Integrated Deepwater System--included modeling and simulation services to
analyze the operational performance and effectiveness of various fleet
scenarios for program planning. A $42.4 million OPO order for
professional, technical, and administrative services for multiple offices
in DHS's Information Analysis and Infrastructure Protection Directorate14
included tasks to assist in developing policies, budget formulation, and
defining information technology requirements.15 Specifically, contractor
personnel provided general acquisition advice and support to the
Information Analysis and Infrastructure Protection business office, which
included the management, execution, process improvement, and status
reporting of procurement requests. For another office, the contractor
provided an analysis of intelligence threats. A $7.9 million OPO human
capital services order provided a full range of personnel and staffing
services to support DHS's headquarters offices, including writing position
descriptions, signing official offer letters, and meeting new employees at
DHS headquarters for their first day of work.

^14In July 2005, DHS announced that the information analysis function of
the Information Analysis and Infrastructure Protection Directorate would
be moved to the newly created Office of Intelligence and Analysis in an
effort to strengthen intelligence functions and information sharing.
Infrastructure protection became a component within the National
Protection and Programs Directorate.

^15The Department of Veterans Affairs awarded and originally managed this
order on behalf of DHS; OPO assumed administration duties for DHS in
December 2004.

The extent of contractor involvement in the nine case studies varied from
providing two to three supplemental personnel to staffing an entire
office, and in most cases contractor staff performed services on-site at
DHS facilities. Figure 3 shows the type and range of services provided in
the nine case studies and the location of contractor performance.

Figure 3: Professional and Management Support Services Closely Supporting
Inherently Governmental Functions in Nine Cases Reviewed

Note: Categories are based on services that approach being inherently
governmental in FAR subpart 7.5 and therefore may not include all the
services provided by contractors in each of the nine cases.

aObligations based on information provided by DHS at the time of our
review.

bSituations in which contactors might be assumed to be agency employees or
representatives. FAR section 7.503(d)(13).

DHS Did Not Consider Risk when Deciding to Contract for Selected Services

A lack of staff and expertise to get programs and operations up and
running drove decisions to contract for professional and management
support services. While program officials generally acknowledged that
these contracts closely supported the performance of inherently
governmental functions, they did not assess the risk that government
decisions may be influenced by, rather than independent from, contractor
judgments. In the nine cases we reviewed, we found contractors providing
services integral to an agency's mission and comparable to those provided
by government employees, and contracts with broadly defined requirements.
These conditions need to be carefully monitored to ensure the government
does not lose control over and accountability for mission related
decisions. DHS has not explored ways to manage the risk of contracting for
these services such as determining the right mix of government-performed
and contractor-performed services or assessing total workforce deployment
across the department. DHS's human capital strategic plan notes the
department has identified core mission critical occupations and plans to
reduce skill gaps in core and key competencies. However, it is unclear how
this will be achieved and whether it will inform the department's use of
contractors for services that closely support inherently governmental
functions.

DHS Contracting Decisions Were Largely Driven by a Lack of Staff and Expertise
and Immediacy of Need

The reasons most often cited by program officials for contracting for
services was the need for employees--to start up a new program or
administrative operation, provide specific expertise, or meet immediate
mission needs. When DHS was established in 2003, it was charged with
developing strategies, programs, and projects to meet a new mission while
facing skill gaps in core and key competencies. For example, at TSA--a
component built from the ground up--according to program officials, the
lack of federal staff to provide acquisition support led to hiring
contractors for its Secure Flight program. Federal staff limitations was
also a reason for TSA's contract for employee relations support services.
Many TSA, DHS human capital, and Information Analysis and Infrastructure
Protection program officials said that contracting for services was
necessary because they were under pressure to get program and
administrative offices up and running quickly, and they did not have
enough time to hire staff with the right expertise through the federal
hiring process. In another case, in prior work we found that when OPO was
established, the office had only seven staff to serve more than 20
organizations.16 Since that time, OPO has expanded and adjusted the use of
contractors for specific functions, such as acquisition support.

In the case of TSA, the agency needed to immediately establish an employee
relations office capable of serving 60,000 newly hired airport
screeners--an undertaking TSA Office of Human Resources officials said
would have taken several years to accomplish if they hired qualified
federal employees. In another case, DHS human capital officials said there
were only two staff to manage human resources for approximately 800
employees, and it would have taken 3 to 5 years to hire and train federal
employees to provide the necessary services. Similarly, the Coast Guard, a
more established agency, lacked the personnel needed to address new
requirements for its competitive sourcing program. According to Coast
Guard program officials, only one federal employee was in place when the
new requirements were established. An acquisition plan for modeling and
simulation services in support of the Coast Guard's Integrated Deepwater
System cited the need for technological expertise as one of the reasons
for hiring contractors. According to program officials, contracting for
such technological capabilities is routine at the Coast Guard.

^16GAO, Homeland Security: Successes and Challenges in DHS's Efforts to
Create an Effective Acquisition Organization, [33]GAO-05-179 (Washington,
D.C.: Mar. 29, 2005).

Several officials also described a perception of a management preference
for contracting. For example, an OPO contracting officer said
governmentwide strategies to use contractors influenced program decisions
to award services contracts. TSA program and senior officials also said
decisions to contract were in keeping with a conscious decision to build a
lean organization. For example, in prior work, we found that TSA
contracted extensively to manage human resource needs, develop and
manufacture screening equipment, and provide the information technology
systems it uses to manage day-to-day operations. In fact, such service
contracts represented about 48 percent of TSA's fiscal year 2003 budget.17

Selected Cases May Have Been at Risk of Contractors Influencing Government
Decisions

To ensure the government does not lose control over and accountability for
mission-related decisions, long-standing federal procurement policy
requires attention to the risk that government decisions may be influenced
by, rather than independent from, contractor actions when contracting for
services that closely support inherently governmental functions.
Distinguishing roles and responsibilities of contractors and government
employees and carefully defining requirements for contractor services
become especially important when contracting for professional and
management support services since contractors often work closely with
government employees to provide these services. To manage risk,
participants in GAO's acquisition forum stated that agencies need to
determine the right mix of government-performed and contractor-performed
work in particular settings, and that planning for contracting outcomes
and measurable results is a critical element in managing a multisector
workforce of government employees and contractors. The nine cases we
reviewed provided examples of contractors performing services integral to
an agency's mission and comparable to those performed by government
employees, contractors providing ongoing support, and broadly defined
contract requirements--conditions that need to be carefully monitored to
ensure the government does not lose control over and accountability for
mission-related decisions.

^17GAO, Transportation Security Administration: High-Level Attention Needed
to Strengthen Acquisition Function, [34]GAO-04-544 (Washington, D.C.: May
28, 2004).

  Contractor Services Integral to DHS's Mission and Comparable to Work Performed
  by Government Employees

In seven of the nine cases, contractors provided services that were
integral to DHS's mission or comparable to work performed by government
employees. For example:

           o A contractor directly supported DHS efforts to hire federal
           employees, including signing offer letters.

           o The contractor for the component's employee relations office
           provided advice to supervisors on cases, a function also performed
           by federal employees in that office.

           o A contractor provided acquisition advice and support to the
           Information Analysis and Infrastructure Protection Directorate
           business office, working alongside federal employees and
           performing the same tasks.

In some of these cases officials said contractors were used to fill staff
shortages. We also found that government employees may have supervised
contractor employees. For example, one contractor performed
mission-related budget, program management, and acquisition services and
was located at government operations centers to provide opportunities for
direct review of the contractor's activities. This type of close
supervision of contractor personnel may constitute personal services--a
contracting arrangement that is prohibited by the FAR, unless specifically
authorized.18

^18See FAR section 37.104 regarding personal services. Under certain
circumstances, DHS is authorized to procure personal services; the
contracts we reviewed were not awarded under this authority.

  Ongoing Contractor Support

In all nine cases, the contractor provided services that lasted for more
than 1 year. Given the risk of contracting for selected services, it is
appropriate to periodically reexamine who--private companies or federal
employees--should perform certain services. However, in five of the nine
cases, the original justification for contracting--to quickly establish a
new office or function--had changed, but the components extended or
recompeted services without considering this change. For example:

           o To establish a competitive sourcing program, the Coast Guard
           hired a contractor to provide budget, policy, acquisition support,
           and reorganization and planning for more than 5 years. These
           services have been extended through August 2009.
           o OPO established a temporary "bridge" arrangement without
           competition to avoid disruption of critical support including
           budget, policy, and intelligence services. Although this
           arrangement was intended to be temporary, the order was modified
           20 times and extended for almost 18 months. Subsequently, these
           services were competed and awarded to the original contractor
           under six separate contracts. DHS provided information stating
           that five of the six contracts expire by the end of September
           2007. However, as of August 2007 DHS had yet to provide a plan for
           carrying out these services in the future.

           o In another OPO case, a contractor was hired to develop a
           strategic plan for the US-VISIT program. While the task was
           completed in less than a year, the contractor continued to provide
           related services in two subsequent orders.

           Continuing to contract for these types of services is particularly
           risky since the initial contracting decisions did not include an
           assessment of risk.
			  
			  Broadly Defined Requirements

           Describing in detail the work to be performed under a contract
           helps to minimize the risk of paying too much for services
           provided, acquiring services that do not meet needs, or entering
           too quickly into sensitive arrangements. Well-defined contract
           requirements can also help minimize the risk of contractors
           performing inherently governmental functions. Defining
           requirements is a part of the acquisition planning process and
           prior GAO work has emphasized the importance of clearly defined
           requirements to obtain the right outcome.19

           Broadly defined requirements were also apparent in the 117
           statements of work that we reviewed. For example, at TSA we found
           multiple statements of work requesting a similar set of
           services--including acquisition and strategic planning,
           contingency planning, program oversight, and government cost
           estimating--in support of different program offices.

           In six of our nine case studies, the requirements as written in
           the statements of work were often broadly defined. In four cases,
           the statements of work lacked specific details about activities
           that closely support inherently governmental functions. For
           example, the initial statement of work for a $7.9 million OPO
           order for human resources support broadly stated that the
           contractor would rank candidates for DHS positions. Without
           specifying how the contractor was to perform this task, it was
           unclear how OPO would hold the contractor accountable for
           outcomes. The later contract specified how the contractor was to
           rank candidates, including the criteria, processes, and policies
           to be used. In the other two cases, the statements of work
           included an indiscriminate mix of services.

                        o A $7.9 million TSA contract included program
                        management support activities, including professional
                        and technical advice, strategic planning, performance
                        monitoring, conference support, briefing preparation,
                        project documentation, technical research and
                        analysis, and stakeholder relations. Some of these
                        activities fit the description of advisory and
                        assistance services.

                        o Similarly, a single $42.4 million OPO order
                        included 58 tasks to provide a diverse range of
                        services throughout the Information Analysis and
                        Infrastructure Protection Directorate in support of
                        over 15 program offices and 10 separate
                        directoratewide administrative efforts. Services
                        included providing strategic communications planning
                        expertise and representing the directorate as a
                        member of the DHS-wide Homeland Security Operations
                        Center, providing intelligence analysis for
                        Immigration and Customs Enforcement and Customs and
                        Border Protection, supporting administrative
                        functions such as acquisition planning and human
                        capital management, and defining information
                        technology requirements for the directorate. Other
                        services included helping respond to congressional
                        and Freedom of Information Act requests and preparing
                        budget justification documents and related briefing
                        materials.
								
^19GAO, Defense Acquisitions: Tailored Approach Needed to Improve Service
Acquisition Outcomes, [35]GAO-07-20 (Washington, D.C.: Nov. 9, 2006), and
GAO, Interagency Contracting: Franchise Funds Provide Convenience, but
Value to DOD Is Not Demonstrated, [36]GAO-05-456 (Washington, D.C.: July
29, 2005).								

           Several program officials noted that the statements of work did
           not accurately reflect the program's needs or the work the
           contractors actually performed. For example, one statement of work
           for a $1.7 million Coast Guard order included advisory and
           assistance services. However, program officials said the
           contractor never provided these services. Another Coast Guard
           statement of work for a $1.3 million order initially included
           developing policy, conducting cost-benefit analyses, and
           conducting regulatory assessments, though program officials told
           us the contractors provided only technical regulatory writing and
           editing support. The statement of work was revised in a later
           contract to better define requirements.
			  
			  Officials Generally Did Not Address Risk when Contracting for
			  Selected Services

           Contracting officers and program officials for the nine case
           studies generally acknowledged that their professional and
           management support services contracts closely supported the
           performance of inherently governmental functions. However, none
           assessed whether these contracts could result in the loss of
           control over and accountability for mission-related decisions. DHS
           has not explored ways to address the risk of contracting for these
           services such as determining the right mix of government performed
           or contractor performed services or assessing total workforce
           deployment across the department.

           Federal acquisition guidance highlights the risk inherent in
           service contracting--particularly those for professional and
           management support--and federal internal control standards require
           assessment of risks. Internal control standards provide a
           framework to identify and address areas at greatest risk of
           mismanagement, waste, fraud, and abuse.20 OFPP staff we met with
           also emphasized the importance of assessing the risk associated
           with contracting for services that closely support the performance
           of inherently governmental functions and establishing effective
           internal management controls to ensure agency staff are aware of
           this risk consistent with the OFPP guidance. While DHS acquisition
           planning guidance requires identification of such acquisition
           risks as cost, schedule, and performance, or political or
           organizational factors, it does not address the specific risk of
           services that closely support the performance of inherently
           governmental functions.21 Prior GAO work has found that cost,
           schedule, and performance--common measures for products or major
           systems--may not be the most effective measures for assessing
           services.22

^20GAO, Standards for Internal Control in the Federal Government,
[37]GAO/AIMD-00-21 .3.1 (Washington, D.C.: November 1999).

^21DHS requires acquisition planning and documentation for all procurements
and a formal, written, and approved plan for acquisitions exceeding $5
million.

^22 [38]GAO-07-20.

           DHS's human capital strategic plan notes the department has
           identified core mission critical occupations and plans to reduce
           skill gaps in core and key competencies. However, prior GAO work
           found that DHS had not provided details on the specific human
           capital resources needed to achieve its long-term strategic
           goals.23 Human capital planning strategies should be linked to
           current and future human capital needs, including the total
           workforce of federal employees and contractors; its deployment
           across the organization; and the knowledge, skills, and abilities
           needed by agencies.24 Deployment includes the flexible use of the
           workforce, such as putting the right employees in the right roles
           according to their skills, and relying on staff drawn from various
           organizational components and functions and using "just-in-time"
           or "virtual" teams to focus the right talent on specific tasks. We
           have also noted the importance of focusing greater attention on
           which types of functions and activities should be contracted out
           and which ones should not while considering other reasons for
           using contractors, such as a limited number of federal employees.
           DHS's human capital plan is unclear as to how this could be
           achieved and whether it will inform the department's use of
           contractors for services that closely support the performance of
           inherently governmental functions.

^23GAO, Results-Oriented Government: Improvements to DHS's Planning Process
Would Enhance Usefulness and Accountability, [39]GAO-05-300 (Washington,
D.C.: Mar. 31, 2005).

^24GAO, Human Capital: A Self-Assessment Checklist for Agency Leaders,
[40]GAO/GGD-99-179 (Washington, D.C.: September 1999).

           Management of Contracts for Selected Services May Not Have Been
			  Sufficient to Mitigate Risk

           None of the program officials and contracting officers we spoke
           with were aware of the federal acquisition policy requirement for
           enhanced oversight of contracts for services that closely support
           the performance of inherently governmental functions. Further, few
           believed that their professional and management support service
           contracts required an enhanced level of scrutiny. For the nine
           cases we reviewed, the level of oversight DHS provided did not
           always ensure accountability for decisions--as called for in
           federal guidance--or the ability to judge whether contractors were
           performing as required. DHS's Chief Procurement Officer and
           Inspector General each have ongoing efforts to improve procurement
           oversight. These efforts have the potential to include reviews of
           contracting for services that closely support the performance of
           inherently governmental functions.
			  
			  Officials Did Not Provide Required Oversight of Contracts for
			  Selected Services

           The FAR and OFPP require agencies to provide enhanced oversight of
           contracts for services that closely support the performance of
           inherently governmental functions to ensure these services do not
           compromise the independence of government decision making.25 DHS
           contracting officers and program officials from our nine case
           studies were unaware of these oversight policies. While these
           officials acknowledged the professional and management support
           services provided under these contracts closely supported the
           performance of inherently governmental functions, most did not
           believe enhanced oversight of the contracts was warranted.

           According to DHS contracting officers and program officials, cost,
           complexity, and visibility are risk factors that trigger the need
           for enhanced oversight. Neither these officials nor DHS
           acquisition planning guidance cite services that closely support
           the performance of inherently governmental functions as a risk
           factor. In five of the nine cases we reviewed, contract documents
           outlined routine oversight responsibilities for the Contracting
           Officer's Technical Representative (COTR) but did not address the
           need for enhanced oversight as a result of the type of service.
           Prior GAO work has found that because services involve a wide
           range of activities, management and oversight of service
           acquisitions may need to be tailored to the specific
           circumstances, including developing different measures of quality
           or performance.26

^25FAR subpart 37.5 and OFPP Policy Letter 93-1 state that contracting
officers should ensure that "best practices" techniques are used when
contracting for services and in contract management and administration.

^26 [41]GAO-07-20 .

           In four of the case studies, contracting officers and program
           officials believed their experience and training enabled them to
           determine whether or not enhanced oversight was needed. However,
           none of the training policies and documents we reviewed--including
           DHS's directive for COTR certification and the Defense Acquisition
           University's training curriculum--alerted COTRs to federal policy
           requiring enhanced oversight for contracts that closely support
           inherently governmental functions or to the risk of such
           contracts.
			  
			  Control and Accountability Were Limited

           Federal acquisition guidance requires agencies to retain control
           over and remain accountable for decisions that may be based, in
           part, on a contractor's performance and work products. This
           includes making sound judgments on requirements, costs, and
           contractor performance. Both the FAR and OFPP policy state that
           when contracting for services--particularly for professional and
           management support services that closely support the performance
           of inherently governmental functions--a sufficient number of
           qualified government employees assigned to plan and oversee
           contractor activities is needed to maintain control and
           accountability. However, we found cases in which the components
           lacked the capacity to oversee contractor performance due to
           limited expertise and workload demands (see table 2). These
           deficiencies may have resulted in a lack of control over and
           accountability for decisions.

Table 2: Examples of Limited Control over and Accountability for Contracts
for Selected Services

DHS program or office supported, by component: Coast Guard: Integrated 
Deepwater System, Modeling and Simulation Services; 
Total dollars (in millions): $2.1; 
Example of limited control and accountability: Coast Guard program 
officials said they lacked the technical expertise needed to determine 
what it would take to perform a particular task. In one case, they 
anticipated that it would take about 4 hours to modify a simulation. 
Later, the contractor estimated the modification would take 120 hours. 
Such a discrepancy illustrates the potential problems that can occur
--such as underestimating costs--when government personnel lack the 
expertise needed to independently plan for contracted work.

DHS program or office supported, by component: Office of Procurement 
Operations: Information Analysis and Infrastructure Protection 
Directorate; 
Total dollars (in millions): 42.4; 
Example of limited control and accountability: One COTR was assigned 
to oversee 58 different tasks, ranging from acquisition support to 
intelligence analysis to budget formulation and planning, across multiple 
offices and locations. Program and contracting officials noted the resulting 
oversight was likely insufficient. To provide better oversight for one 
of the follow-on contracts, the program official assigned a new COTR to 
oversee just the intelligence work and established monthly meetings 
between the COTR and program office to discuss the contract. However, 
according to the program official, this change was made to ensure that 
the contract deliverables and payments were in order rather than to 
address the inherent risk of the services performed.

DHS program or office supported, by component: Office of Procurement 
Operations: DHS Headquarters Human Capital Services; 
Total dollars (in millions): 7.9; 
Example of limited control and accountability: The COTR assigned to 
oversee the extensive range of personnel services provided by the 
contractor lacked technical expertise, which the program manager 
believed affected the quality of oversight provided. To improve 
oversight for the follow-on contract, the program manager assigned a 
COTR with more human resources experience along with an employee with 
human resources expertise to assist the COTR.

Source: GAO analysis.

Prior GAO work has shown similar examples of oversight deficiencies that
can contribute to poor outcomes. For example, in work examining contracts
undertaken in support of response and recovery efforts for Hurricanes
Katrina and Rita, we found that the number of monitoring staff available
at DHS was not always sufficient or effectively deployed to provide
oversight.27 Similarly, in work at DOD, we have found cases of
insufficient numbers of trained contracting oversight personnel, and cases
in which personnel were not provided enough time to complete surveillance
tasks, in part due to limited staffing.28

^27GAO, Hurricane Katrina: Improving Federal Contracting Practices in
Disaster Recovery Operations, [42]GAO-06-714T (Washington, D.C.: May 4,
2006).

^28GAO, Contract Management: Opportunities to Improve Surveillance on
Department of Defense Service Contracts, [43]GAO-05-274 (Washington, D.C.:
Mar. 17, 2005).

Establishing measurable outcomes for services contracts and assessing
contractor performance are necessary to ensure control and accountability.
DHS components were limited in their ability to assess contractor
performance in a way that addressed the risk of contracting for
professional and management support services that closely support the
performance of inherently governmental functions. Assessing contractor
performance requires a plan that outlines how services will be delivered.
However, none of the related oversight plans and contract documents we
reviewed contained specific measures for assessing contractors'
performance of these services.

DHS Is Implementing Oversight Initiatives

DHS's Chief Procurement Officer and the Inspector General each have
ongoing efforts to assess DHS contract management. The Chief Procurement
Officer is in the process of implementing an acquisition oversight
program, which is intended to assess (1) compliance with federal
acquisition guidance, (2) contract administration, and (3) business
judgment.29 This program was designed with flexibility to address specific
procurement issues, as necessary, and is based on a series of reviews at
the component level. For example, the on-site review incorporates
assessments of individual procurement actions. These reviews have
potential to include contracting for services that closely support
inherently governmental functions.

The Inspector General also has recently increased its procurement
oversight (see app. III). Common themes and risks emerged from this work,
primarily the dominant influence of expediency, poorly defined
requirements, and inadequate oversight that contributed to ineffective or
inefficient results and increased costs. Inspector General reviews also
noted that many DHS procurement offices reported that their lack of
staffing prevents proper procurement planning and severely limits their
ability to monitor contractor performance and conduct effective contract
administration. While these findings have broad application to services,
OFPP Policy Letter 93-1 encourages the Inspectors General to also conduct
vulnerability assessments of services contracting--which would include
services that closely support inherently governmental functions--to ensure
compliance with related guidance.

^29GAO, Department of Homeland Security: Progress and Challenges in
Implementing the Department's Acquisition Oversight Plan, [44]GAO-07-900
(Washington, D.C.: June 13, 2007).

Conclusions

When DHS was established in 2003, it faced an enormous challenge to
quickly set up numerous offices and programs that would provide
wide-ranging and complex services critical to ensuring the nation's
security. With limited staffing options, the department relied on
contractors to perform mission-related services that closely support the
performance of inherently governmental functions. However, the tasks
assigned to contractors were not always clearly defined up front, and the
breadth and depth of contractor involvement were extensive in some cases.
Four years later, the department continues to rely heavily on contractors
to fulfill its mission with little emphasis on assessing the risk and
ensuring management control and accountability. Given its use of
contractors to provide selected services, it is critical for DHS to
strategically address workforce deployment and determine the appropriate
role of contractors in meeting its mission. Until the department emplaces
the staff and expertise needed to oversee selected services, it will
continue to risk transferring government responsibility to contractors.

Recommendations for Executive Action

To improve the department's ability to manage the risk of selected
services that closely support inherently governmental functions as well as
government control over and accountability for decisions, we recommend
that the Secretary of Homeland Security implement the following five
actions:

           o establish strategic-level guidance for determining the
           appropriate mix of government and contractor employees to meet
           mission needs;

           o assess the risk of selected contractor services as part of the
           acquisition planning process, and modify existing acquisition
           guidance and training to address when to use and how to oversee
           those services in accordance with federal acquisition policy;

           o define contract requirements to clearly describe roles,
           responsibilities, and limitations of selected contractor services
           as part of the acquisition planning process;

           o assess program office staff and expertise necessary to provide
           sufficient oversight of selected contractor services; and

           o review contracts for selected services as part of the
           acquisition oversight program.

Agency Comments and Our Evaluation

We provided a draft of this report to OMB and DHS for review and comment.
In written comments, DHS generally concurred with our recommendations and
provided information on what action would be taken to address them. The
department's comments are reprinted in appendix IV. OMB did not comment on
the findings or conclusions of this report.

DHS concurred with three of our recommendations, and partially concurred
with the other two. Regarding the first recommendation, to establish
strategic guidance for determining the appropriate mix of government and
contractor employees, DHS agreed and stated that its Chief Human Capital
and Chief Procurement Officers plan to initiate staffing studies and
recommend the number and skill sets of federal employees required to
successfully manage its long-term projects and programs. We agree that
such action should provide the basis for developing a strategic approach
to managing the risk of contracting for selected services.

DHS partially concurred with our recommendation to assess the risk of
selected contractor services as part of the acquisition planning process
and to modify existing acquisition guidance and training accordingly. DHS
agreed that its training for contracting officers and contracting
officer's technical representatives should include the guidance in OFPP
Policy Letter 93-1. DHS stated the Chief Procurement Officer plans to
emphasize this requirement to the component Heads of Contracting Activity
and to department contracting personnel and to coordinate with the Defense
Acquisition University to ensure that guidance is also included in its
training. However, DHS stated that its Acquisition Planning Guide already
provides for the assessment of risk. Our review of the acquisition
planning guidance found that it addresses risk factors such as cost,
schedule, and performance, but it does not address the specific risk of
services that closely support the performance of inherently governmental
functions. As we note in our report, these types of services carry
additional risk that should be considered when making contracting
decisions.

Concerning the third recommendation, to define contract requirements to
clearly describe roles, responsibilities, and limitations of selected
contractor services, DHS concurred and anticipated that the risk of
contracting for selected services will be appropriately addressed more
often in the future. However, DHS did not specify related initiatives.
Because developing well-defined requirements can be challenging but is
essential for obtaining the right outcome, we believe this effort will
require sustained attention from DHS.

DHS also concurred with our fourth recommendation, to assess the program
office staff and expertise necessary to provide sufficient oversight of
selected contractor services. DHS stated that this process has already
begun at TSA and that it plans to proceed on a larger-scale initiative as
part of its overall human capital planning.

With respect to our recommendation that DHS review selected services
contracts as part of the acquisition oversight program, DHS agreed that
these types of services require special assessment, but stated that the
Chief Procurement Officer will direct a special investigation on selected
issues as needed rather than as part of the routine acquisition oversight
reviews. We did not intend that the formal oversight plan be modified.
Rather, we recognize that the acquisition oversight program was designed
with flexibility to address specific procurement issues as necessary. We
leave it to the discretion of the Chief Procurement Officer to determine
how to implement the recommendation to ensure proper oversight.

As agreed with your offices, unless you publicly announce the contents of
this report, we plan no further distribution for 30 days from the report
date. At that time, we will send copies of this report to the Secretary of
Homeland Security, the Director of the Office of Management and Budget,
and other interested congressional committees. We will also make copies
available to others upon request. In addition, this report will be
available at no charge on the GAO Web site at [45]http://www.gao.gov .

If you have questions about this report or need additional information,
please contact me at (202) 512-4841 or [46][email protected] . Contact
points for our Offices of Congressional Relations and Public Affairs may
be found on the last page of this report. Other staff making key
contributions to this report were Amelia Shachoy, Assistant Director;
Katherine Trimble; Jennifer Dougherty; Cardell Johnson; Matthew Saradjian;
David Schilling; Karen Sloan; Julia Kennon; Alison Martin; Noah Bleicher;
and Kenneth Patton.

John P. Hutton, Director
Acquisition and Sourcing Management

Appendix I: Scope and Methodology

To describe the types of services the Department of Homeland Security
(DHS) requested through these contracts, we compiled information from the
Federal Procurement Data System-Next Generation (FPDS-NG) on procurement
spending at DHS and its components for fiscal years 2005 and 2006. To
supplement our review of information from FPDS-NG, we reviewed 117
statements of work and conducted more detailed reviews of nine cases from
fiscal year 2005--the year for which the most complete data were available
at the time we began our review. For the 117 statements of work, we used
federal acquisition guidance on services that closely support the
performance of inherently governmental functions as criteria to describe
the types of services DHS requested. Within those services, we selected
three broad categories for more detailed review--reorganization and
planning activities, policy development, and acquisition support.

To identify potential risk and the extent to which DHS considered risk
when deciding to use contracts for selected professional and management
support services that closely support the performance of inherently
governmental functions, and to assess DHS's management and oversight of
contracts for these types of services, we conducted a detailed review of
nine case studies--three at each component. For each case study, we
reviewed contract documentation, including available acquisition plans,
oversight plans, and records, and interviewed procurement and program
officials at the three components about the decision to use contractors
and contractor oversight, including any processes and guidance used. We
interviewed contractors for seven of the nine cases about their working
relationship with the component offices, the work performed, and the
oversight provided by the component. For the other two cases, we requested
interviews, but the contractors were not available. We also spoke with the
heads of contracting activity at the Office of Procurement Operations
(OPO) and the Transportation Security Administration (TSA), the Chief of
the Office of Procurement Policy at the Coast Guard, and staff at the
Office of Management and Budget's (OMB) Office of Federal Procurement
Policy (OFPP).

Selection of Services and Contracts

To develop criteria for services that closely support the performance of
inherently governmental functions, we reviewed Federal Acquisition
Regulation (FAR) subpart 7.5 on inherently governmental functions and FAR
section 37.114 on special acquisition requirements, and the Office of
Management and Budget's Office of Federal Procurement Policy Letter 93-1
on management oversight of service contracts.1

To select services to review, a GAO contracting officer reviewed the
FPDS-NG Product and Service Codes Manual and identified over 30 services
considered to closely support the performance of inherently governmental
functions across the following categories: research and development;
special studies and analyses; professional, administrative, and management
support services; and education and training. To confirm the selection, we
then compared each of the services to federal acquisition guidance that
describes inherently governmental functions and services approaching
inherently governmental functions. On the basis of this review, we
gathered and analyzed data from the FPDS-NG on DHS's fiscal year 2005
obligations for 29 services. Sixteen of the 29 services fell into the
professional, administrative, and management support services category.
From this category, we selected the 4 services for which DHS obligated the
most in fiscal year 2005--program management and support services,
engineering and technical services, other professional services, and other
management support services. We reviewed these criteria with DHS
acquisition policy and oversight officials, focusing on the link between
the 4 selected services and federal acquisition guidance. Finally, we
selected the three DHS components, excluding the Federal Emergency
Management Agency (FEMA), that had obligated the most for those services
at the time we began our review--the Coast Guard, OPO, and TSA.2

To select contracts to review, we compiled data from FPDS-NG on all fiscal
year 2005 contract actions as of the time we began our review for the 4
services at the three components. Using the brief contract description
available through FPDS-NG, we used FAR guidance to identify services that
closely support the performance of inherently governmental functions to
select a total of 125 statements of work for the 4 services: 42 from Coast
Guard, 43 from OPO, and 40 from TSA (see table 3).

^1While TSA is exempt from the FAR, it follows the Acquisition Management
System, developed by the Federal Aviation Administration, which adheres as
a matter of policy to certain governmentwide laws, regulations, and
executive agency requirements.

^2The Federal Emergency Management Agency obligated the third highest
amount for the selected services in fiscal year 2005. We excluded FEMA
from our sample because of atypical fiscal year 2005 spending on hurricane
relief efforts.

Table 3: Requested Fiscal Year 2005 Contract Statements of Work

Component: Coast Guard; 
Program management/support services: 8; 
Engineering and technical services: 14; 
Other professional services: 11; 
Other management support services: 9; 
Total by component: 42.

Component: OPO; 
Program management/support services: 6; 
Engineering and technical services: 8; 
Other professional services: 6; 
Other management support services: 23; 
Total by component: 43.

Component: TSA; 
Program management/support services: 17; 
Engineering and technical services: 1; 
Other professional services: 10; 
Other management support services: 12; 
Total by component: 40.

Component: Total by service type; 
Program management/support services: 31; 
Engineering and technical services: 23; 
Other professional services: 27; 
Other management support services: 44; 
Total by component: 125.

Source: GAO analysis of fiscal year 2005 FPDS-NG data.

Of the 125 requested, we received 117 statements of work within the
11-week time period we allowed. In some cases, DHS was unable to locate
files or FPDS-NG entries were unclear or incorrect. Using the more
detailed description of services included in the 117 statements of work,
we again used FAR guidance to identify services that appeared to closely
support the performance of inherently governmental functions to select
three contracts from each component on which to perform a total of nine
case studies. The nine cases we reviewed in detail represented the 4 types
of professional and management support services and ranged in value from
$1.3 million to $42.4 million. Table 4 provides details on the case study
selection process and the cases reviewed.

Table 4: Fiscal Year 2005 Contracts Reviewed
Dollars in millions.

For Coast Guard, OPO, and TSA: Contracts for four selected professional 
and management support services; 
Cases: 942; 
Total dollars: $805.6; 
Selection criteria: All contracts with dollars obligated in fiscal year 
2005, as reported in FPDS-NG.

For Coast Guard, OPO, and TSA: Statements of work for four selected 
professional and management support services; 
Cases: 125; 
Total dollars: $229.2; 
Selection criteria: Nonprobability sample selected from 942 contracts 
in FPDS-NG. Selection based on comparing the contract description with 
FAR guidance for services closely supporting inherently governmental 
functions. We selected 110 contracts as potentially supporting 
inherently governmental functions and an additional 15 contracts based 
on the contract description and to represent a range of dollar values.

For Coast Guard, OPO, and TSA: Case studies for four selected 
professional and management support services; 
Cases: 9; 
Total dollars: $82.1; 
Selection criteria: Nonprobability sample selected from 117 statements 
of work received from DHS. Selection based on comparing the statement 
of work description to FAR guidance that describes services closely 
supporting inherently governmental functions. Cases represent a variety 
of services and dollar values among the three components.

Source: GAO.

Note: Of the 125 statements of work requested, DHS provided 117, totaling
$207.1 million.

We conducted our review between April 2006 and August 2007 in accordance
with generally accepted government auditing standards.

Appendix II: Examples of Inherently Governmental and Approaching
Inherently Governmental Functions

Federal Acquisition Regulation section 7.503 provides examples of
inherently governmental functions and services or actions that are not
inherently governmental, but may approach being inherently governmental
functions based on the nature of the function, the manner in which the
contractor performs the contract, or the manner in which the government
administers contractor performance. These examples are listed in tables 5
and 6 below.

Table 5: Examples of Inherently Governmental Functions

1: Directly conduct criminal investigations; 
2: Control prosecutions and perform adjudicatory functions other 
than arbitration; 
3: Command military forces; 
4: Conduct foreign relations and determine foreign policy; 
5: Determine agency policy, including regulations; 
6: Determine federal program priorities for budget requests; 
7: Direct and control federal employees; 
8: Direct and control intelligence and counterintelligence operations; 
9: Select individuals for federal government employment; 
10: Approve position descriptions and performance standards for federal 
employees; 
11: Determine the disposal of government property; 
12: In federal procurement activities with respect to prime contracts: 
Determine the supplies or services acquired by the government; participate 
as a voting member on any source selection boards; approve contractual 
documents, including documents defining requirements, incentive plans, 
and evaluation criteria; award contracts; administer contracts; 
terminate contracts; determine whether contract costs are reasonable, 
allocable, and allowable; and participate as a voting member on 
performance evaluation boards; 
13: Approve agency responses to Freedom of Information Act requests; 
14: Conduct administrative hearings to determine eligibility for security 
clearances, or that affect personal reputation or eligibility to participate 
in government programs; 
15: Approve federal licensing actions and inspections; 
16: Determine budget policy, guidance, and strategy; 
17: Collect, control, and disburse public funds, unless authorized by statute. 
Does not include the collection of public charges to mess halls, national 
parks, and similar entities and routine voucher and invoice examination; 
18: Control treasury accounts; 
19: Administer public trusts; 
20: Draft congressional testimony, responses to congressional correspondence, 
or agency responses to audit reports. 

Source: GAO analysis of FAR section 7.503(c).

Table 6: Examples of Services That May Approach Being Inherently
Governmental Functions

1: Involve or relate to budget preparation; 
2: Involve or relate to reorganization and planning activities; 
3: Involve or relate to analyses, feasibility studies, and strategy options 
to be used in developing policy; 
4: Involve or relate to developing regulations; 
5: Involve or relate to evaluating another contractor's performance; 
6: Support acquisition planning; 
7: Assist in contract management; 
8: Provide technical evaluation of contract proposals; 
9: Assist in developing statements of work; 
10: Support the preparation of responses to Freedom of Information Act requests; 
11: Work in situations that may permit access to confidential business 
information; 
12: Provide information regarding agency policies or regulations; 
13: Participate in situations where contractors may be assumed to be agency 
employees or representatives; 
14: Participate as technical advisors to source selection boards or as members 
of a source evaluation board; 
15: Serve as arbitrators or provide alternative methods of dispute resolution; 
16: Construct buildings intended to be secure; 17: Provide inspection services; 
18: Provide legal advice and interpret regulations and statutes for government
officials; 
19: Provide non-law enforcement security activities that do not directly involve 
criminal investigations. 

Source: GAO analysis of FAR section 7.503(d)

Appendix III: Department of Homeland Security Inspector General Oversight

GAO designated DHS as a high-risk organization in 2003 due to the serious
implications for our national security that result from the management
challenges and program risks associated with implementing and transforming
the department from 22 agencies. In addition, the DHS Inspector General
has identified major management challenges facing the department, which
are updated annually as required by the Reports Consolidation Act of
2000.1

Acquisition and contract management are included as a management challenge
identified by the Inspector General. Other management challenges
identified by the Inspector General include catastrophic disaster response
and recovery including FEMA activities and grants management; financial
management; information technology management, including the National
Asset Database to coordinate infrastructure protection activity; border
security; transportation security; and trade operations and security
mainly through the work of customs and border protection.

The Inspector General provided oversight coverage of DHS and the
identified management challenges during fiscal years 2005 and 2006 through
audits, inspections, memos, management reports, and investigations. The
Inspector General issued 106 reports during fiscal year 2005 and closed
639 investigations. In fiscal year 2006 the Inspector General issued 133
reports and closed 507 investigations. As a result, the Inspector General
reported over $271.7 million in questioned costs, unsupported costs, and
better use of funds, and over $157 million in recoveries, fines, and
restitutions resulting from investigations over the 2-year period.

On August 29, 2005, Hurricane Katrina hit the Gulf Coast states, causing
catastrophic damage to the region, and by September 2005, Congress had
passed legislation that provided approximately $63 billion for disaster
relief, the bulk of which went to the Federal Emergency Management Agency.
Consequently, the DHS Inspector General issued a significant number of
reports that addressed FEMA operations and grantees (see fig. 4).

The DHS Inspector General increased the number of reports related to
contract and acquisition management from 3 in fiscal year 2005 to 32 in
fiscal year 2006 (see fig. 4). These reports ranged from audits of
specific contracts to overall acquisition management by DHS. For example,
the Inspector General reviewed individual contracts for disaster recovery
from Hurricane Katrina, including debris removal, and also provided a
review of the weaknesses in the procurement and program management
operations throughout DHS. In addition to the DHS Inspector General's
reports, the Defense Contract Audit Agency increased the number of DHS
contract audits from 83 reports to 121 reports over the same fiscal years.

^1Pub. L. No. 106-531, 114 Stat. 2537 (Nov. 22, 2000).

Figure 4: Inspector General Coverage of DHS Offices and Management
Challenges

[See PDF for image]

This figure is a vertical bar graph with bars depicting number of 
reports in ten categories for fiscal years 2005 and 2006. The vertical 
axis of the graph represents number of reports from 0 to 80. The 
horizontal axis of the graph represents fiscal year 2005 and 2006 
reports in the ten categories. The data depicted is as follows:

Acquisition and contract management: 
Number of reports, fiscal year 2005: 3; 
Number of reports, fiscal year 2006: 32; 

Citizenship and Immigrations Services (CIS): 
Number of reports, fiscal year 2005: 5; 
Number of reports, fiscal year 2006: 7; 

Coast Guard: 
Number of reports, fiscal year 2005: 7; 
Number of reports, fiscal year 2006: 7; 

Customs and Border Protection (CBP): 
Number of reports, fiscal year 2005: 10; 
Number of reports, fiscal year 2006: 20; 

FEMA Operations: 
Number of reports, fiscal year 2005: 57; 
Number of reports, fiscal year 2006: 76; 

FEMA grants management: 
Number of reports, fiscal year 2005: 53; 
Number of reports, fiscal year 2006: 54; 

Immigration and Customs Enforcement (ICE): 
Number of reports, fiscal year 2005: 6; 
Number of reports, fiscal year 2006: 9; 

Information technology: 
Number of reports, fiscal year 2005: 18; 
Number of reports, fiscal year 2006: 24; 

Secret Service: 
Number of reports, fiscal year 2005: 3; 
Number of reports, fiscal year 2006: 3; 

Transportation Security Administration (TSA): 
Number of reports, fiscal year 2005: 12; 
Number of reports, fiscal year 2006: 16. 

Source: GAO analysis of DHS Inspector General audits, memos, and 
management reports. 

Appendix IV: Comments from the Department of Homeland Security 

U.S. Department of Homeland Security: [hyperlink, http://www.dhs.gov]: 
Washington, DC 20528: 

September 10, 2007:

Mr. John P. Hutton: 
Director, Acquisition and Sourcing Management: U.S. Government 
Accountability Office: 441 G Street, NW: 
Washington, DC 20548: 

Dear Mr. Hutton: 

RE: Draft Report GAO-07-990, Department of Homeland Security: Improved 
Assessment and Oversight Needed to Manage Risk of Contracting for 
Selected Services (GAO Job Code 120544): 

The Department of Homeland Security (DHS) appreciates the opportunity 
to review and comment on the draft report referenced above. The U.S. 
Government Accountability Office (GAO) makes five recommendations to 
improve the Department's ability to manage the risk of selected 
services that closely support inherently governmental functions as well 
as government control over and accountability for decisions. As 
detailed below, we agree with three recommendations and partially agree 
with the other two.

Recommendation 1: Establish strategic level guidance for determining 
the appropriate mix of government and contractor employees to meet 
mission needs.

We agree with the recommendation. In concert with the DHS Chief Human 
Capital Officer, personnel within the Office of the Chief Procurement 
Officer (OCPO) plan to initiate staffing studies related to the skill 
sets of individuals and staffing levels of programs under the purview 
of the Department. The outcome of this study will include 
recommendations for the number and skill sets of federal employees 
required to successfully manage long term projects and programs at the 
Department. This effort, in conjunction with overall human capital 
planning at the Department, should address the concerns relative to 
this recommendation.

Recommendation 2: Assess the risk of selected contractor services as 
part of the acquisition planning process, and modify existing 
acquisition guidance and training to address when to use and how to 
oversee those services in accordance with federal acquisition policy.

We partially agree with the recommendation. The DHS Acquisition 
Planning Guide already provides for the assessment of risk with respect 
to the planned acquisition processes and this requirement will be 
emphasized during OCPO discussions with the Heads of Contracting 
Activities as well as through an acquisition alert to Department 
contracting personnel.

As a result of the information provided by the GAO during the 
engagement, the application of OFPP Letter 93-1, Management Oversight 
of Service Contracting (May 18, 1994) was brought to the Department's 
attention. Further research on the part of OCPO officials led to the 
realization that this particular guidance was not part of the regular 
training process for acquisition personnel, not only at DHS but also at 
the Defense Acquisition University (DAU). We have taken steps to ensure 
that this guidance is disseminated and discussed during DHS training 
for Contracting Officers and Contracting Officer Technical 
Representatives (COTRs) prior to the certification of the COTRs. DHS 
officials have also coordinated with the DAU course director for the 
COTR training to ensure that OFPP Letter 91.3 guidance is included in 
training at the university. Since DHS officials rely on DAU training 
and certification to a certain extent for COTRs, we intend to follow-up 
on the inclusion of the guidance in OFPP Letter 93-1 in the DAU 
training regimen.

Recommendation 3: Define contract requirements to clearly describe 
roles, responsibilities, and limitations of selected contractor 
services as part of the acquisition planning process.

OCPO officials agree that implementing this recommendation is the key 
to the eventual success of the efforts to address the risks of 
contracts for services. As part of the initiatives begun by DHS in the 
areas of program and project management, and in conjunction with the 
staffing studies discussed above, OCPO officials anticipate that an 
increased awareness and understanding of the risks associated with 
contracted services will be appropriately addressed more often in the 
future. There has already been evidence of this recognition occurring 
at the Coast Guard, where the Statement of Work for the contract for 
the Office of Standards Evaluation and Development support was 
completely revised for the most recent award in order to address the 
very issue covered in this report. Better requirements definition for 
service contracts will lead to fewer Time and Materials type contracts 
and more effective use of Performance Based Service Contracts 
throughout DHS. This objective will be very difficult to achieve, and 
it is far too early to place such progress on a timeline for 
completion. Nevertheless, DHS officials recognize the criticality of 
the need and have begun to chart a way forward on the broad front of 
requirements definition.

Recommendation 4: Assess program office staff and expertise necessary 
to provide sufficient oversight of selected contractor services.

We agree. This process has already begun at the Transportation Security 
Administration (TSA). The TSA Assistant Administrator for Acquisition 
has developed a notional staffing plan for program and project offices 
that incorporates both ethical aspects, such as conflicts of interest, 
and the examination of inherently governmental functions in the 
development of a staffing plan for a program office. The notional plan 
is accompanied by a training program as well as guides to the numbers, 
skill sets and assignments of federal employees necessary to maintain 
program control, provide oversight and ensure that no inherently 
governmental functions are performed by service contractors. While this 
effort is being implemented on a component scale at TSA, the Department 
is proceeding on a larger scale initiative to address many of the same 
issues as mentioned in our response to the first recommendation.

Recommendation 5: Review contracts for selected services as part of the 
acquisition oversight program.

We partially agree with the recommendation in so far as to agree that 
the Director of Acquisition Oversight at the direction of the Chief 
Procurement Officer intends to specifically assess the issue raised in 
the report and related recommendation. DHS does not concur that the 
recommended practice should be incorporated into the routine 
acquisition oversight reviews contemplated, planned and executed in 
accordance with DHS Directive 0784, Acquisition Oversight Plan and 
Guidance. It would be counterproductive to modify the formal Oversight 
Plan for each issue raised by an individual GAO or DHS Office of 
Inspector General engagement. To do so would disrupt the workflow of 
routine oversight assessments and inevitably result in the devolution 
of the corporate wide plan into a series of special reports and 
jeopardize the intended planned assessments. OCPO senior personnel 
agree that the issue of the appropriate use of service contracts is 
worthy of special interest as the rest of the responses to this report 
are implemented and will direct a special investigation on selected 
issues at the appropriate time.

Sincerely, 

Signed by: 

Steven J. Pecinovsky: 
Director: 
Departmental GAO/OIG Liaison Office: 

(120544)

[47]www.gao.gov/cgi-bin/getrpt?GAO-07-990 .

To view the full product, including the scope
and methodology, click on the link above.

For more information, contact John Hutton at (202) 512-4841 or
[48][email protected] .

Highlights of [49]GAO-07-990 , a report to congressional requesters

September 2007

DEPARTMENT OF HOMELAND SECURITY

Improved Assessment and Oversight Needed to Manage Risk of Contracting for
Selected Services

In fiscal year 2005, the Department of Homeland Security (DHS) obligated
$1.2 billion to procure four types of professional and management support
services--program management and support, engineering and technical, other
professional, and other management support. While contracting for such
services can help DHS meet its needs, there is risk associated with
contractors closely supporting inherently governmental
functions--functions that should be performed only by government
employees.

This report (1) describes the contracted services, (2) identifies
potential risk and the extent to which DHS considered risk when deciding
to contract for these services, and (3) assesses DHS's approach to
managing and overseeing these services.

GAO analyzed 117 judgmentally selected statements of work and 9 cases in
detail for contracts awarded in fiscal year 2005 by the Coast Guard, the
Office of Procurement Operations (OPO), and the Transportation Security
Administration (TSA).

[50]What GAO Recommends

GAO recommends that DHS take actions to improve its ability to manage risk
and ensure government control over and accountability for decisions
resulting from services that closely support inherently governmental
functions. DHS generally agreed with these recommendations.

More than half of the 117 statements of work that GAO reviewed provided
for reorganization and planning activities, policy development, and
acquisition support--services that closely support the performance of
inherently governmental functions. Other such services supporting a broad
range of programs and operations at Coast Guard, OPO, and TSA included
budget preparation, regulation development, and employee relations.

Decisions to contract for professional and management support services
were driven by the need for staff and expertise to get programs and
operations up and running. However, for the nine cases we reviewed,
program officials did not assess the risk that government decisions may be
influenced by, rather than independent from, contractor judgments. These
cases included services that have the potential to increase this risk. For
example, contractors directly supported DHS missions and performed on an
ongoing basis work comparable to that of government employees. Most of the
nine contracts also lacked detail or covered a wide range of services.
Conditions such as these need to be carefully monitored to ensure the
government does not lose control over and accountability for
mission-related decisions. DHS has not explored ways to manage the risk of
these contractor services, such as through total workforce deployment
across the organization.

The level of oversight DHS provided did not always ensure accountability
for decisions or the ability to judge whether the contractor was
performing as required. Federal acquisition policy requires enhanced
oversight of contracts for services that can affect government decision
making, policy development, or program management. While contracting
officers and program officials acknowledged their professional and
management support services contracts closely supported inherently
governmental functions, they did not see a need for increased oversight.
Insufficient oversight increases the potential for a loss of management
control and the ability to ensure intended outcomes are achieved.

Range of Contracted Services and Related Risk Level

Source: GAO analysis.

Report to Congressional Requesters

September 2007

DEPARTMENT OF HOMELAND SECURITY

Improved Assessment and Oversight Needed to Manage Risk of Contracting for
Selected Services

References

Visible links
  30. http://www.gao.gov/cgi-bin/getrpt?GAO/RCED-91-186
  31. http://www.gao.gov/cgi-bin/getrpt?GAO/GGD-92-11
  32. http://www.gao.gov/cgi-bin/getrpt?GAO-07-45SP
  33. http://www.gao.gov/cgi-bin/getrpt?GAO-05-179
  34. http://www.gao.gov/cgi-bin/getrpt?GAO-04-544
  35. http://www.gao.gov/cgi-bin/getrpt?GAO-07-20
  36. http://www.gao.gov/cgi-bin/getrpt?GAO-05-456
  37. http://www.gao.gov/cgi-bin/getrpt?GAO/AIMD-00-21
  38. http://www.gao.gov/cgi-bin/getrpt?GAO-07-20
  39. http://www.gao.gov/cgi-bin/getrpt?GAO-05-300
  40. http://www.gao.gov/cgi-bin/getrpt?GAO/GGD-99-179
  41. http://www.gao.gov/cgi-bin/getrpt?GAO-07-20
  42. http://www.gao.gov/cgi-bin/getrpt?GAO-06-714T
  43. http://www.gao.gov/cgi-bin/getrpt?GAO-05-274
  44. http://www.gao.gov/cgi-bin/getrpt?GAO-07-900
  45. http://www.gao.gov/
  46. mailto:[email protected]
  47. http://www.gao.gov/cgi-bin/getrpt?GAO-07-990
  48. mailto:[email protected]
  49. http://www.gao.gov/cgi-bin/getrpt?GAO-07-990
*** End of document. ***